a password, and the concept, are also easier to comprehend. passkeys for most is just fairy dust and magic.
another consideration is something you have or something you are are different from something you know. phishing and hackers or scammers are not the only dangers to protect yourself from.
I suspect this is why Microsoft is forcing users into it. Not that I agree with or am defending that decision.
I can’t stand being forced into magic link email logins which are designed to also deal with phishing. Takes longer to login compared to Passwords+TOTP or Passkeys and email isn’t exactly private for the majority.
They aren’t magic. Its the same cryptographic signature primitive seen in applications like PGP or blockchains/cryptocurrencies.
I agree to most users they feel magical and are more difficult to reason about. You still “have” a private key stored on the device, but its invisible to the user, so it’s not something you “know”.
a password, and the concept, are also easier to comprehend. passkeys for most is just fairy dust and magic.
another consideration is something you have or something you are are different from something you know. phishing and hackers or scammers are not the only dangers to protect yourself from.
I suspect this is why Microsoft is forcing users into it. Not that I agree with or am defending that decision.
I can’t stand being forced into magic link email logins which are designed to also deal with phishing. Takes longer to login compared to Passwords+TOTP or Passkeys and email isn’t exactly private for the majority.
They aren’t magic. Its the same cryptographic signature primitive seen in applications like PGP or blockchains/cryptocurrencies.
I agree to most users they feel magical and are more difficult to reason about. You still “have” a private key stored on the device, but its invisible to the user, so it’s not something you “know”.