Oddbean
 Seems that people are getting sour about passkeys:
https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
which is a shame IMO. I agree with the criticisms but still prefer them to email+pw. 
 Very interesting. I'm sorry to hear the browser big tech vendors are shitting it up, but I'm still hopeful. The root problem seems to be the Apple/Google browsers and key managers.

I agree with the author that using a third-party key manager with Passkey support like Bitwarden is the way to go. It's not perfect but still much better than using passwords. I guess we'll see; for now I'll still support Passkey or any other passwordless auth whenever I can.
 Yes to everything in this thread. Passkeys sound nice on the surface but I am very skeptical of the protocol complexity and perverse incentives of big tech companies driving the effort.

I believe nostr is the best model but we have so much more work to do to properly secure, make available for signing, and rotate private keys.

Also, one last thought. The kid in the interview is exploiting boomer information asymmetry. The folks getting hacked A) trust random strangers on the phone and B) have little or no awareness of the security models they are operating under. The hacks will continue until a generational shift occurs that closes these gaps. This will absolutely limit the growth of cryptocurrency and bitcoin in particular. You witness this phenomenon in action every time someone voices the belief that crypto is all scams. These people are directionally correct, but they don't understand the root causes. They also don't understand the extent to which the legacy financial system is all scams. It will take a long time for these biases to fade. Mostly, it will happen one death at a time.