I would feel much better if logins required entering a 6-digit PIN AND biometrics on the device.
Given that this was pushed by FIDO, will there be open-source and platform-agnostic solutions, or will we all be locked into using Apple or Google phones for this?
Can there be an option not involving smartphones at all, such as current USB hardware keys?
@corlin @White_Rabbit
The biggest positive I think is (someday) putting password DB breaches in the past.
@voltronic I hate biometrics. The security people at my old job used to hack into their own computers just for fun using biometrics and white glue (take imprint from password finger with glue, use your thumb and the glue to log in, stuff like that). We weren't allowed to use biometrics.
Which is fine by me. I find they often don't work, and kick up an even worse fuss than entering the wrong password (and for the record I'm pale, so it's not the racist product development, although also that).
@voltronic @White_Rabbit
In reading the FIDO spec, it calls for and encourages open-source, third-party implementation. It also calls for supporting hardware keys and other non-biometric authentication.
But the details are in the hands of Big tech to implement.
All in all... I believe this is a very good step.