Passkeys? - A Practical Guide

  • Published on 11 Jan 2025

Comments • 5

  • @superstarben37 · 1 year ago

    Quite a comprehensive video, thanks for the info!

  • @stevelevesque939 · 1 year ago

    Nice, but now how to solve the problems of losing your phone! Is there a way to back up and transfer your passkey vault? You could make another video just based on that subject... Thanks

    • @pauljohnsonbringbackdislik1469 · 9 months ago

      The presented view is a bit narrow. Passkeys are actually a faster 2FA. In a typical scenario, secondary "factors" are an additional layer that lets the user carry on with passwords that are easy to guess or steal with phishing attacks. So you might sometimes see a section titled MFA in your user profile of a particular website, where you can add or remove them. It is similar with Passkeys.
      I imagine it is a developer choice to prepare for issues like losing access to the MFA/Passkey device. In such a case you can either depend on Passkey infrastructure (migrations/backup of private keys) or simply log in with a password. "Reset password" via email should still be there since users will be more likely to forget the password they almost never have to use.

  • @pauljohnsonbringbackdislik1469 · 9 months ago

    There are multiple issues with Passkeys and I don't believe the actual adoption will match the hype around them. For starters, privacy-focused browsers do not support them. Ok, let's assume devs usually optimize for whatever is most commonly used by regular users (Chrome/Android) - the initial workflow is convoluted, confusing, and usually not what users expect. Ok, ok, it can be said about every technology in the early stages of adoption. My third issue is that users have very good alternatives - like the built-in password manager in Chrome (that even suggests randomized passwords). From the devs' perspective - we already have "passwordless" login with so-called "magic links" and it is trivial to implement. Apps that would theoretically benefit from passkeys need users to have specific needs around cross-device access, otherwise it's just pointless to roll it instead of OAuth or SSO... I can go on and at the end... I like the concept but it is just so easy to doubt claims of "it will be everywhere soon".

    • @thepragmaticprogrammer · 9 months ago · +1

      Thanks for your feedback and views on the subject. I agree it's an emerging area and we need to monitor this to see how it pans out in terms of adoption.