11 Comments

  1. I’m okay with 2FA, and I can get behind this passwordless idea, in concept only.

    However, I absolutely will not install any company’s apps on my phone to accomplish this, and I categorically avoid 2FA that uses SMS because I don’t have mobile network coverage for large parts of my day.

    If companies that I do business with want to force 2FA or passwordless security like this, then they’re going to need to give me the hardware to do it.

    You don’t have free use of my phone just so you can save a bunch of money on your cybersecurity insurance, reduce your fraud losses, or gain some kind of BS industry security certificate.

  2. Oh HELL no!!!!! What happens if your phone is lost, stolen, not physically near you, or the battery is dead? Or for that matter, if you don’t have a mobile phone? I closed all my accounts at a bank last year because they were trying to force me to use 2FA (instead they lost a customer) and this is much worse than that. I hope people see this as the giant steaming turd that it is.

    The real problem is that so many people just refuse to use secure (long and random) passwords. And that’s a problem, but it is THEIR problem, not mine, and I will not be punished for their stupidity or laziness. My passwords are very long, very random, and contain letters, numbers and symbols. I do not need some half-baked scheme pushed by large companies that all have interests in selling mobile phones and/or the software that runs on them.

    I would say it’s fine as long as it’s entirely optional (because I will always opt out) but I have lived long enough to see too many formerly “optional” things become mandatory once enough suckers become comfortable with them. If they say that this scheme will always be totally optional, I will flat out call them liars. They certainly hope it becomes mandatory because one way or another, it’s more money in their pockets.

  3. Cool, they are going to force me to have a smartphone, why? I despise these kinds of practices when they are mandatory. They should make them OPTIONAL, because I don’t want to have smartphones anymore, just a regular phone to send/receive calls and SMS.

    Shame on you companies!

    1. It’s really bizarre. I don’t see the point when Windows 11 requires a TPM (which can store the relevant keys in a place where almost no one, including you, can mess with them), the keys are really stored on corporate servers anyway and it’s not like a PC can’t download them. Using that, or just a PIV smartcard (like a YubiKey), would be simpler, and likely much more secure.
      Do they think it’s not “secure” enough if even one of the user’s devices has an unlocked bootloader, like you can’t be trusted if you think you might at some point not want to be known by an unending record of your past mistakes?

  4. I don’t like the idea of being tied to Google services just to log into third party sites and apps.
    I’m sure Google loves the idea though.

  5. As convenient as using a YubiKey or this other stuff that I don’t trust to sign in can be, I worry that they ultimately intend to kill off the use of passwords entirely.
    Social engineering corporations HATE the idea that someone could escape punishment. “Forgiveness” is not in their vocabulary. They would just love it if political dissidents only had one chance to not step out of line.
    And quite frankly, I think anything to do with biometrics is absurdly complicated compared to a YubiKey. Honestly the only reason more people aren’t using them or other hardware tokens or smart cards is because they just can’t advertise as much as these corporations that can reap gigantic profits trying to obtain the face of every single user of one of their services.

  6. How to restore passkeys from the cloud to a new device because you have lost the old device, if you need that lost device with passkeys to connect to the cloud in order to restore passkeys to a new device because you have lost the old device?

    Secret question that is easily hacked? Or how about installing an armored door on a wall that can easily be broken just near the door…

  7. All these phone-based first/second factor authentication schemes need to stop… Use a damn hardware token, or stop.

  8. For me I feel passwords work just fine and I’m not interested in being without them. Just having two devices around all the time sounds like a hassle. But I can see it being good for some people, especially those who have trouble remembering due to physical disorders and such. The big question though, is this open enough to work on my Linux phone? Or is it just another app/thing that will perpetuate the current smartphone OS duopoly?

    1. Mainstream idiots are driving smart people to their side. Sadly, it’s a matter of quantity not quality.