Comment by LexGray

Comment by LexGray a day ago

Passkey lock in appears to be a temporary issue. One of the WWDC announcements was that the FIDO alliance worked out a way to securely port passkeys between platforms. I expect Google to adopt import and export before year end.

I believe the issue Google is attempting to solve is frustration when a single web page spams multiple permissions requests. (Location, camera, microphone, advertiser tracking, notifications, privacy policy agreements, terms of service, etc…). The benefit to Google is better fingerprinting when a single sheet allows all at once.

Edit: perhaps they will sneak in a Google automatic login as a permission to smooth user interactions.

josephcsible a day ago

It's not temporary. The whole point of attestation in the passkey spec is to make lock-in permanent.

Reply View 7 replies

skybrian a day ago

Could you explain more? For Apple, the web page I found seems to be an enterprise thing:
https://support.apple.com/guide/deployment/passkey-attestati...

Reply View | 6 replies
- josephcsible a day ago
  
  That's the "cover story" use case. The real use case is so that passkeys created on Apple devices can only ever move to other Apple devices, and ditto for on Microsoft or Google devices, and the real point of attestation is so that they can force you to use theirs by cryptographically ensuring that you're not using open-source ones like KeePassXC.
  
  Reply View | 5 replies
  
  skybrian a day ago
  
  But the whole point of this new standard is to allow passkeys to be portable:
  https://arstechnica.com/security/2025/06/apple-previews-new-...
  
  Reply View | 4 replies