262
Passkeys might really kill passwords
(www.theverge.com)
This is a most excellent place for technology news and articles.
That's something, but isn't half the benefit meant to be storing them in the TPM? Also, that won't help if you're logging into a game or app, surely? Would love to be wrong on that, of course.
Many apps now do the 'app opens the browser for login' process instead of having the login in their actual app. They don't have to implement all the different ways to log in then, they can just use the same system that their normal account management stuff on their site uses.
You can get greater security with hardware-backed solutions like a TPM but the adoption rate was not great. I think the goal is to improve things over passwords, even if the credentials are then available on multiple devices via a sync or a password database file. Perfect being the enemy of good and all that. Hardware options still exist and you can still use them; they use the same WebAuthn standard that passkeys use.
Yeah, I personally will only use hardware solutions for passkeys -- YubiKeys and TPM-backed WHFB creds.
But the other reply makes a very good point about adoption being more important than perfection since, even with software-backed passkeys, you still have the benefit of the secret never leaving the client.
MicroG has added support for passkeys already