Brian Anderson (He/Him)InfoSec Pro speaking to just plain folks. Opinions are mine, or someone else's, but definitely not my employer's... He/him
βIf Iβm not imagined in your future, do I exist in it?β-Hodari Davis
Brian Anderson (He/Him)Once upon a time, I had conservative gun-hoarding friends who, when asked, would tell you they needed them in case the government turned its military on innocent civilians and citizens.
Itβs been a long long while since Iβve seen them, but Iβll bet those guns are still as clean and sterile as the day they bought them. Even on the days when a president unleashed the military on a whole-ass city.
#USPol
Brian Anderson (He/Him)@markwyner@mas.to I think the problem here is that βOne Key to Rule Them Allβ is a fine slogan, but actually a very difficult and impractical strategy to manage. Passkeys, digital and physical, need to be viewed as one part of a multipart solution including having alternate authentication/recovery methods, backup keys where possible, etc.
I love my yubikey, its reduced my overreliance on password managersβ¦it was great until I left it home while on vacation out of state. But having other secure authentication methods available blunted the impact somewhat.
The bigger problem is the uneven, inconsistent way passkeys are implemented in products. Itβs absolutely impossible to teach someone not already infosec savvy how passkeys work, because the UI from site to site, app to app, is so janky.
Brian Anderson (He/Him)@markwyner@mas.to also, btw, I support the βbuy two, register two, hide oneβ approach to hardware keys.
Brian Anderson (He/Him)Exponentially proportional if the AI conversation references surveillance products.