

7 days ago

I’m still skeptical about passkeys. Tying your auth to a specific physical device feels like a recipe for being locked out (as has happened to many people at work already… requiring me to remove their passkey so they can get back into their account…)
This is how someone cracked Okta a few years back: https://medium.com/@rajat29gupta/bcrypt-and-the-okta-incident-what-developers-need-to-know-9d13a446738a