Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
dymaxion@infosec.exchange ("Eleanor Saitta") wrote:
Still really genuinely angry at how much the passkey rollout has fucked up the flows for anyone using a security key.
Fuck forcing people to set PINs on hardware tokens. Fuck defaulting to allowing a hardware token to log in without the password. Fuck making every mobile device you own a first-class token and making login attempt spam a thing again.
I get that passwords are broken. I don't have a problem with the idea behind passkeys as such for less-technical users (although fuck vendor lock-in and non-portable credentials), but do not fuck over technical users trying to protect critical systems by breaking their workflows or destroying basic security primitives.