Big Tech passkey implementations are a trap | Proton

Not commenting on the merits of the blogpost’s arguments, but Proton is selling their own product here too

If I can't add your passkey to my Bitwarden vault, I'm not using your passkey.

It seems no matter what new advancements we make in technology the big tech companies seek nothing more to implement it in a way that benefits themselves. Regardless if it means fucking over the consumer.

I really hate what the internet has become over the last couple of years.

Is this an ad?

Not surprised,

Google too nowadays.

There's a reason why they removed their company motto "Don't be Evil"

I am not using passkeys until it's possible to easily migrate them between providers (not just devices / browsers). If I used Proton Pass, and then later decided to use another password manager, could I export my passkey data?

Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.

I wonder if there could be any bias in Proton claiming their product is the best

Better yet: use a hardware 2FA token that supports passkeys

When vaultwarden supports this I’ll play ball. If I don’t have control over my authentication methods, then they aren’t my authentication methods.

The way Apple or companies like Paypal implement two-factor authentication, let alone passkeys, drive me up the wall. This all could have been so much better.

I’m not even going to mention all the platforms that rolled out passkey creation support, but not passkey login support, for whichever damn reason

I'm well versed in IT security, and even with (or because of) my knowledge, I still haven't looked deep into setting up passkeys on my services. Just because it's such a clusterfuck of weird implementations.

I can't imagine being a normal consumer and wanting to set them up. The poor support teams having to support this...

And I'm managing at least one service at work that could totally benefit from passkey integration. The headache of looking into how to properly implement them is just way too much

Lock downs are pretty much a hard pass for me. Anything I buy, I research, and if there's even the slightest hint of BS incompatibility, it's simply a no go.

Yeah I've avoided passkeys. Anything that Google is pushing to me is always in their interests.

I noticed that recently every post on Proton's blog has been an advertisement of their services.

They are hypocrites.

A few days ago they posted that corporations are bad because they collect fingerprints, profile users, etc., yet they are no better, as their mobile apps rely on Firebase Cloud Messaging (FCM) owned by Google to deliver notifications to their users.

In 2020 they wrote that they "may offer alternative push notification system", but apparently shitting on corporations is easier than making actual changes. Four years ago.

Could someone ELI5 (if possible) what passkeys actually are?

I'm very excited for the concept of passkeys, but indeed it is a bit of a mess right now. Android password managers can't use passkey inside other apps, basically limited to just the browser. I hope it all gets sorted soon and everyone sticks to an open standard compatibility.

I want to be able to export my passkeys and take them with me to any other chosen passkey manager.

Passkeys sound great. Where's the support for Firefox, Proton Pass? Bitwarden has it.

Any example of websites where I can try passkeys? I have both bitwarden and Proton pass to test out

what are passkeys? like biometrics fngerprints or facisl recognition you mean?

This is basically an ad.

The ad makes some good points, but they also make them sound more severe than they really are. Transferring passwords between password managers , including the password managers built into operating systems has always been a pain in the ass and passkeys don’t change that. Even the product this ad is for doesn’t make transferring passkeys between managers significantly easier. It is merely a cross platform password and passkey manager and those already exist too.

told ya so, i got downvoted for being skeptical of this shit.

if google or similar is pushing it, is should NOT be trusted! lets NOT, please!

Jokes on them: If they allowed passkeys on iOS 16 or have let the iPhone X update to iOS 17, I most likely fell for it, now I have only some 2FA keys that I need to pull from keychain (have no macOS)