For years, the internet has been shrinking. Not in size, not in data, but in ownership. A vast, decentralized network of personal blogs, forums, and independent communities has been corralled into a handful of paved prison yards controlled by a few massive corporations. Every post, every “friend,” every creative work—
What would you propose replace passwords to not be susceptible to those things?
I personally like how secure and non intrusive passwords are, especially when using a self hosted password manager synced with git.
Passkeys are much better. Unlike what FAANG companies want you to believe, they do not have to be tied to a device. Use a password manager that supports them (BitWarden) and pretty much never get hacked again because of a password. Website doesn’t need to store anything that an attacker can use. No downside.
I’d much rather use a password and a two-factor auth via TOTP code. It’s fast, portable, I can store them on a variety of open source apps, and it’s very hard to hack. I don’t need to use a specific provider, or browser. Flexible and free.
Passkeys in their current implementation are comparatively a mess. Here’s an article that runs through many reasons why:
https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/