Passkey hype and dangers (e.g., Google)
And I'm going to say this again: Poorly implemented passkey systems --
such as that currently in place by Google -- are security disasters
that will most affect persons already most at risk. Google's
implementation for example uses the device authentication as its
passkey authentication, and when users with (as is so common) weak
device authentication use passkeys, those passkeys are all at risk.
Google says on balance this is fine. Google has a long, long history
of treating significant segments of their user population (especially
nontechies, older users, etc.) with barely veiled disdain, and this is
making it worse. I've fought this from the outside and (when I've
worked inside Google) from the inside, to no useful effect. -L
- - -
--Lauren--
Lauren Weinstein
lau...@vortex.com (https://www.vortex.com/lauren)
Lauren's Blog: https://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Mastodon: https://mastodon.laurenweinstein.org/@lauren
Pebble (formerly T2): https://pebble.is/laurenweinstein
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility
Tel: +1 (818) 225-2800
_______________________________________________
nnsquad mailing list
https://lists.nnsquad.org/mailman/listinfo/nnsquad
