alt.hn

4/19/2026 at 1:55:33 AM

Passkeys are one of the worst consumer rollouts I ever witnessed

 https://bsky.app/profile/jennschiffer.com/post/3mjrpkrqjm22a

by mooreds

4/19/2026 at 2:47:49 AM

I've been avoiding them and intend to keep doing so as long as possible. I've had passwords handled perfectly well for almost 20 years. I do not see passkeys as having any particular benefits to me and do not want to manage them.

by f30e3dfed1c9

4/19/2026 at 2:44:54 PM

I have an HSA managed by HealthEquity for work. Recently they forced us all onto passkeys.

About 80% of my login attempts now randomly fail with a “you are not authorized to see this page” error. What a system.

by UncleMeat

4/19/2026 at 2:10:12 AM

> having people enter a password to log in is a dying authorization flow - it’s too easy to crack databases, ... passkey ties it to your device

Your portable nickable device, right?

I'll rather a password tied to my brain, thanks.

by chrisjj

4/19/2026 at 2:50:14 AM

Exactly. "Passkey ties it to your device" sounds like a huge step backwards to me. Tech companies seem to have no idea how much I hate my phone.

by f30e3dfed1c9

4/19/2026 at 4:04:38 AM

FWIW, I had a conversation with an AI about passkeys. Seems to me like there are real potential benefits to (1) companies that implement them, (2) people with bad password practices, and (3) people who use one or two devices, like a laptop and a phone, or a tablet and phone.

I suspect the lion's share of benefits here go to (1) and I could not possibly care less about that.

I recognize that (2) is a huge group of people, but I'm not in it.

For people in (3), it might work pretty well especially if both are from the same company. For example, if you only ever use an iPad and an iPhone, passkeys might work out pretty well. But I'm not in that group, either.

I'm gonna keep ignoring them as long as possible.

by f30e3dfed1c9

4/19/2026 at 12:14:51 PM

Yeah, I don't think passwords are ever going away (and said it on this podcast[0]).

But for the large group of people in group 2, I'm a big fan of unphishable credentials. If we can figure out the account recovery problem. (Big if!)

0: https://changelog.com/friends/78

by mooreds

4/19/2026 at 4:13:00 PM

FWIW, I think the article "Passkeys: they're not perfect but they're getting better" at the NCSC web site is a pretty fair assessment of the current state of things.

I certainly understand and appreciate the benefits of key-based authentication: been using ssh keys for decades, wouldn't go back to password auth in that context for anything.

But I don't really see passkeys in the much wider context of web authentication for the broadest possible audience has having all the kinks worked out yet.

by f30e3dfed1c9