Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/glyph/statuses/113749450294265898">Glyph (glyph@mastodon.social)'s status on Wednesday, 01-Jan-2025 11:12:39 JST</a><a href="https://mastodon.social/@glyph" title="glyph@mastodon.social"><img src="https://gnusocial.jp/avatar/19724-48-20221108060713.webp" width="48" height="48" alt="Glyph" style="position: absolute; left: 0; top: 0;">Glyph</a><div><a href="https://mastodon.social/@mcc/113748414373116003" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/105710" title="whitequark@mastodon.social">✧✦✶✷Catherine✷✶✦✧</a></li></ul></div></section><article><p><a href="https://mastodon.social/@mcc">@mcc</a> <a href="https://mastodon.social/@whitequark">@whitequark</a> <a href="https://hachyderm.io/@dalias">@dalias</a> I think there is some validity to what you're saying—in particular, I think that passkey implementations could do a better job respecting individual autonomy and allowing individuals to provide input to their threat model, which the big vendors cannot have and is not universal.</p><p>But to the extent that "passkeys" are trying to do a thing, it's to solve a big *social* problem of password reuse and account compromise, which other solutions have demonstrably not addressed</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4285024#notice-8390999">In conversation</a><time datetime="2025-01-01T11:12:39+09:00" title="Wednesday, 01-Jan-2025 11:12:39 JST">about a month ago</time> <span>from <span><a href="https://mastodon.social/@glyph/113749450294265898" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@glyph/113749450294265898">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Glyph (glyph@mastodon.social)'s status on Wednesday, 01-Jan-2025 11:12:39 JSTGlyph
in reply to
@mcc @whitequark @dalias I think there is some validity to what you're saying—in particular, I think that passkey implementations could do a better job respecting individual autonomy and allowing individuals to provide input to their threat model, which the big vendors cannot have and is not universal.
But to the extent that "passkeys" are trying to do a thing, it's to solve a big *social* problem of password reuse and account compromise, which other solutions have demonstrably not addressed
In conversationabout a month ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice