Is anyone working on bootstrapping passkey access to fresh Linux boxen? Until that is practical, I will probably be skeptical on this. That is, I know how to compartmentalize my passwords, but I don’t know how to compartmentalize Google’s control over my access to things.
This is an alternate expression of the “how do I recover when I lose my phone?” question that has always so far lead back to using symmetric passwords to protect private keys… which isn’t ideal but is at least practical.
PassKeys work on Linux… you just need to use a compatible browser which is most these days.
It’s also a fido standard so it isn’t really a Google thing, Apple started using them before Google even.
I didn’t mean after you logged in… I meant as the default login option to a new Linux box. Passkeys are strong because they are asymmetric, but we currently fall back on symmetric passwords to manage access to those inconveniently-large private keys. How will you reset your Google access if your computer hard disk dies or your phone drops into the ocean if Google will no longer allow passwords? I figure that independence from big brother and fault tolerance to hardware failures would be appropriately-robust if this great new approach could work offline bootstrapping the security of a new computer.
I didn’t mean after you logged in… I meant as the default login option to a new Linux box.
Ah ok. I misunderstood.
As to the other bit, Google hasn’t disallowed passwords and I don’t think we’re at a point where they would.
But I mean ideally you have multiple PassKeys so if you lose one or you computer/phone dies you have a backup.
I keep a hardware key in a safe that can be used as a backup key to my accounts
I keep a hardware key in a safe that can be used as a backup key to my accounts
Dude, that’s the first place they’re going to look for it!
But where is the safe huh?
See? Gottem
How much data will they be taking from sites that use this?
No more than they already can through passwords. Passkeys are a generalized authentication standard, you can use it with any compatible software (not just Google products). More options are a good thing.
