retro.social is part of the decentralized social network powered by Mastodon.
A social network for the 19A0s.

Charles U. Farley

Killing all my with fire. What an awful user experience, especially the fact that you can't use a device with a passkey for a site as a second factor for that same site, just one or the other, meaning if you're on a device that doesn't support passkeys, you have to fall back to MITM-able TOTP or have a second device for U2F.

And I'm sure as heck not going to use my password manager for U2F, because the whole point of MFA for me is so that even if someone compromises my password manager they still can't get into my accounts. Putting passkeys in there instead of using MFA defeats the whole purpose.

The reason, of course, is that my use case for PassKeys isn't one that Big Tech actually cares about. They want to avoid phishing and password reuse while "inadvertently" making you even more dependent on them. Hardware passkeys do this, but support for them is atrocious, because almost nobody actually uses physical tokens even though IMO they're the only valid approach aside from embedded passkeys that cannot be synced.