Who is responsible for preventing a child from running into a busy road and being hit by a car? And why, on the internet, does that responsibility seem to fall on everyone else?
Shouldn’t Windows just show a huge warning explaining the implications of such actions when a user who has never used the Windows Run function nor PowerShell suddenly attempts to run some suspicious code pasted form the clipboard?
Yes, WebAuthn is an open standard, but it seems that Passkeys can only be synced using Google password manager and I don't see any API that would allow the user to use a different password manager as is the case with the auto fill API.
Do you know if it's possible to see a list of stored passkeys in Android? I installed the Play Service beta, managed to create a passkey and sign in, but can't see the list of credentials anywhere in the UI.
I think that once users realize how difficult it is to transfer passkeys between their PC and mobile device, they will just ababdon them. The only risk I see is that passkeys will be synced between Android and Chrome.
I really hope that there will be an API for Passkeys like there is an API for password managers on Android.
DNS has known privacy issues, but this solution just (conviniently for them) shifts trust and data from the network operator to Google DNS or another central provider