my understanding is that you’d still have a username/password , but you also have the option of associating your account with multiple passkeys (1 per device?) so that you could log into your account without using your password? (or to use the passkey as a 2fa confirmation)
Theoretically more secure, but only if you’re the kind of person who uses the same password for all your accounts? (life advice: don’t do this! Use 1password or something similar)
2FA on the other hand seems to make more sense and instead of solving the problem of making it easier to sign in , it makes it Harder to sign in on purpose in exchange for more security.
As a (power) user, I find 2FA useful for adding an extra layer of security to critical accounts. And I still find passkeys confusing..
i definitely consider myself a power user, and i always support adding 2FA and passkeys, as by now it’s basic security in my eyes. i think adding both is a good choice. if you do passkeys i personally prefer skipping passwords instead of using it as the second factor, as by that time im already in my 1password any copying an otp is usually simpler than using a passkey.
i do wonder how it would work in the desktop app tho for signing in
if you were using passkeys would you use 2fa? (seems like both may be technically redundant?)
if you do passkeys i personally prefer skipping passwords
Yeah, the article says to do that too. If you use passkeys then the user should no longer be able to sign in with a password Otherwise, there’s technically no security benefit to passkeys.
please don’t do that. theres always like a 20% chance either my browser, laptop or phone decides that it’s no passkeys for you. and I think anyone who uses 1password with an android is the same way, it’s not very reliable.
this is part of why i think passkeys are a flawed standard.
The only way they prevent the security scenario where someone uses the same passwords on multiple sites is if the passkey removes/replaces the password. But if it doesn’t then when the user password is compromised on another site, they’ll be able to login to kinopio.
Hence why I increasingly think passkeys make no practical sense irl, and why opt-in 2FA is the least bad option.
That said , the overlap of ppl who would have bad password hygene and also would adopt/understand 2FA is probably very slim.
But 2FA at least has the benefit of increased security for business users, but passkeys does not even have that.