Microsoft Launches Passkey Support For All Consumer Accounts (theverge.com)
Microsoft is fully rolling out passkey support for all consumer accounts today. From a report: After enabling them in Windows 11 last year, Microsoft account owners can also now generate passkeys across Windows, Android, and iOS. This makes it effortless to sign in to a Microsoft account without having to type a password in every time.
Awesome! (Score:5, Funny)
Re: Awesome! (Score:1)
Re: Awesome! (Score:5, Insightful)
It's when you get tricked into giving someone else the keys to your property and only being able to enter by calling and asking them to let you in.
Re: (Score:2)
It's when you get tricked into giving someone else the keys to your property and only being able to enter by calling and asking them to let you in.
Along with a bunch of personal information for data correlation purposes.
So they can cross-reference it with google accounts, health records, call records, payroll data, w.h.y.
It always amazes me how people are willing to put in their *real* names, addresses, birthdates, etc.
And birthdates are probably the worst.
I do not want cross-service account synch (Score:2)
No need for cross-service using the same account information.
Do not need them to correlate how a person uses things across different systems.
Do not want them to create an AI model of a 'normal user', a 'power user' from a large number of users and then (Target baby lotion advertisement predicting pregnancy like) build a database of 'in the month before user X did bad thing Y, here was their usage pattern'.
This has encouraged me to use a lot fewer services and use them in only very basic ways.
Re: (Score:2)
Pronounce it "Pesky"
No cross device sync (Score:4, Interesting)
Microsoft and Google are showing a shameful amount of incompetence for passkeys.
The only advantage of passkeys is sync, why bother announcing this if all it's really saying is "hey, we're incompetent, go buy Apple".
Sync or fuck off, across laptops and phones.
Re: (Score:2)
Re: (Score:2)
You mean this feature is designed solely to save Apple money? Shocker!
Re: (Score:2)
I don't know what you think Passkeys are, but they aren't that. They are more secure than passwords and also have the added bonus of making cookies redundant.
What don't you like about them?
Re: (Score:2)
The fact that they are device locked. For example, if I reinstall my Mac or PC, the passkeys bound to the device are lost.
However, there are some password programs like BitWarden and others which can store Passkeys. If Passkeys could be used on multiple devices, as well as exported/backed up similar to GPG private keys, it would be usable, as that way, I can move them between PW managers as I do with Google Authenticator TOTP shared secrets.
Re: No cross device sync (Score:2)
Passkeys are SUPPOSED to be device dependent, because they turn your device into a big second factor of auth. Allowing them to be synced across multiple devices would break their fundamental nature. If you need multiple devices, just add a passkey on your other device to your SSO provider and done. You just need to enroll each of your devices once. It's really not as much trouble as it sounds and it's MUCH more secure than passwords.
Passkeys were designed pretty carefully. There's no perfect balance between
Re: (Score:2)
From a user standpoint, passkeys are nice... I use them as an alternative to YubiKeys for Google stuff. However, I am still not seeing how PassKeys are better than Google TOTP authentication. Yes, there is a password, but a good password manager ensures that it will be pretty long. If someone manages to see that, the shared secret of TOTP on devices provides excellent security, and the TOTP mechanism can be on something completely offline, but have a fairly decent clock sync.
Re: (Score:1)
Think of passkeys as building the TOTP device directly into every device you use. Your laptop, phone, iPad, digital dildo, whatever. They all have TOTP built right into them. So when you turn it on and scan your fingerprint, enter your code, swipe the pattern, use face unlock or whatever, that's factor one. The device itself is factor two. So with the regular unlock mechanism you're used to, you get 2FA for free bound to a device that is (theoretically) not cloneable.
In other words, logging in to every ser
Re: (Score:2)
If you trust Apple to secure the secure domain on the phone, why don't you trust them to sync to another secure domain?
The "phone as second factor" has terrible usability. Apple isn't interested in it.
Re: (Score:1)
"If you trust Apple to secure the secure domain on the phone, why don't you trust them to sync to another secure domain?"
Because trusting the keys into the secure enclave on the device is worlds away from trusting the enormous amount of untrusted infrastructure needed to transmit those keys to a cloud service.
"The "phone as second factor" has terrible usability. Apple isn't interested in it."
Congratulations. You win the "most wrong thing said on Slashdot today" award.
https://support.apple.com/en-a... [apple.com]
https:/ [apple.com]
Re: (Score:2)
From one of your links:
"Synchronisation security
Passkeys were designed to be convenient and accessible from all devices used on a regular basis. Passkeys sync across a user's devices using iCloud Keychain."
Apple has quite a different idea of the preferred way of use than the FIDO old guard. Phone as second factor on your laptop has terrible usability.
Re: No cross device sync (Score:1)
The phone is not the second factor on your laptop. Your laptop is.
Re: (Score:2)
Because the passkey is synced. If the user had to register multiple device bound passkeys they would just stick to passwords, which are synced across devices.
Without sync, passkeys are a step back in usability ... Apple isn't interested in that.
Re: (Score:2)
FIDO just wants to use secure domains instead of USB keys and keep everything else the same, sure, but Apple is far more relevant.
Apple wants cross device synced passkeys, Apple users will expect them to work, good luck trying to demand device bound passkeys ... who do you think you are, Apple? Even banks will just allow the synced passkeys, if you're not paying a salary it's Apple who dictates how you access their users.
Users want synced keys too, because fuck registering multiple keys for multiple devices.
Re: (Score:2)
You don't really need to export them, since you always need a backup way of accessing the account that you can use to log in on a new device. Recovery codes or authenticating with another device, or you could use a very secure password (and other 2FA mechanism).
The fact that you can't export them is part of why they are secure. They can't be stolen off your computer without multiple zero day exploits that break into the most secure parts of the OS and hardware. You can also store them on a hardware security
Re: (Score:2)
The way passkeys are being sold to us leaves such a bad taste in my mouth.
More secure, in general, than what a lot of people are currently using, and with fewer user interactions so it should ease adoption... sure.
Can't export them, but can put a copy on a yubikey, and work across multiple devices (the latter bit is from the article)... that just doesn't really add up to me. I get how it's implemented, but I don't trust it, especially when there are ways to get multiple copies of it out in the wild.
FWIW, I
Re: (Score:2)
You can't copy the passkey to a Yubikey. You can add a Yubikey to your account in addition to your phone or computer. I.e. you have two passkeys on your account.
You can also use your phone to authenticate your computer by scanning a QR code off the screen.
Re: (Score:1)
Effortless? (Score:2)
This makes it effortless to sign in to a Microsoft account without having to type a password in every time.
If I do 5 minutes of searching, will I get a similar quote about all their biometric login crap that still makes me put in a password / PIN every 3rd time because it cakes its pants?
I'm so over Windows 11. Time to see if there's better support for my laptop under Ubuntu 24 than the last time I looked with 22.
Put ALL your trust in Microsoft (Score:2)
Sad.
What's really sad is that you find logging in to be sooo hard to do.
The bottom is really a lot lower than it used to be.
But don't worry, The American government put all their trust into Microsoft.... and that's working out great...
for the Chinese, the Russians, and Lower Elbonia.
Convenience has led to fanatical avoidance of thinking or understanding.
No need to post anon. Another jab you deserve.