Glad to see another person who is not keen on the passkeys. I have the feeling it is being hyped and perhaps without good reasons. Therefore I was glad to share this blog post when I saw it on Mastodon. btw, the blog post author turns out to be the software developer of similar software like Authentik and Keycloak. In other words, not just the average Linux user :)
I really think that we should have just iterated on passwords. Switch to a PAKE and keep improving password-manager UX and pushing most users to auto-generated passwords. So much was lost by switching to a system that most users don’t understand.
When I search with a search engine for PAKE I don’t find anything useful. Got a link ?
I like your reasoning about just using passwords. However, my experience is that a scary amount of users are using the same rather weak password for lots of different accounts. And a still scary amount of users does get tricked into phishing emails. What I like for myself is have a bunch of security keys and use them as much as possible for important logins.Some applications allow for five different security keys to be configured.And this could theoretically also be a way to use 2FA within teams. One team person does the login, adds a key, then let’s the second team member put in their key and so on.