Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. Uncategorized
  3. @simon Love your blog and super admire your work!

@simon Love your blog and super admire your work!

Scheduled Pinned Locked Moved Uncategorized
6 Posts 3 Posters 29 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • feoh@oldbytes.spaceF This user is from outside of this forum
    feoh@oldbytes.spaceF This user is from outside of this forum
    Feoh
    wrote last edited by
    #1

    @simon Love your blog and super admire your work!

    Just wanted to say that I take a bit of an issue with DHH's opinion on passkeys.

    His hot take is in fact a bit stale. Now, in addition to the platform lock-in option, you can choose a platform independent third party password manager like 1Password or even BitWarden and access your passkeys on all your devices and platforms!

    I think it's an important distinction because I see passkeys as a good solution to the myriad problems with passwords for auth.

    simon@fedi.simonwillison.netS 1 Reply Last reply
    0
    • simon@fedi.simonwillison.netS This user is from outside of this forum
      simon@fedi.simonwillison.netS This user is from outside of this forum
      Simon Willison
      replied to Feoh last edited by
      #2

      @feoh yeah, I saw this the other day: https://9to5mac.com/2024/10/14/new-passkeys-import-export/

      I think his perspective as quoted still stands though: passkeys have a significant usability problem for many people right now who don't have a fully formed mental model of how to use them across multiple devices

      Just because it's possible doesn't mean people can figure out how to do it!

      simon@fedi.simonwillison.netS 1 Reply Last reply
      0
      • simon@fedi.simonwillison.netS This user is from outside of this forum
        simon@fedi.simonwillison.netS This user is from outside of this forum
        Simon Willison
        replied to Simon Willison last edited by
        #3

        @feoh as always, a quote doesn't mean I agree with the quoted opinion - but I do worry about passkey usability

        (I'm hyper-sensitive to usability problems with alternative login methods having been a big proponent of OpenID back in the day)

        M 1 Reply Last reply
        0
        • M This user is from outside of this forum
          M This user is from outside of this forum
          Matt Campbell
          replied to Simon Willison last edited by
          #4

          @simon @feoh What do you think about magic links sent via email?

          simon@fedi.simonwillison.netS 1 Reply Last reply
          0
          • simon@fedi.simonwillison.netS This user is from outside of this forum
            simon@fedi.simonwillison.netS This user is from outside of this forum
            Simon Willison
            replied to Matt Campbell last edited by [email protected]
            #5

            @matt @feoh I still don't fully understand the best practices for implementing those

            In particular, if I enter my email on my laptop and then click the link that it sends me on my mobile phone... what should happen?

            Signing me in on the laptop feels dangerous because what if I entered someone else's email address and they clicked "approve" by mistake?

            NOT signing me in on the laptop sucks, because that's where I'm trying to sign in

            simon@fedi.simonwillison.netS 1 Reply Last reply
            0
            • simon@fedi.simonwillison.netS This user is from outside of this forum
              simon@fedi.simonwillison.netS This user is from outside of this forum
              Simon Willison
              replied to Simon Willison last edited by
              #6

              @matt @feoh one workaround could be to sign you in instantly if cookies say you clicked the link on the same device, whereas if you don't have that cookie you get challenged to enter a code sent in the email

              But I'd like to understand if there's been a whole lot of research into the best way of handling this that I haven't seen

              1 Reply Last reply
              0

              Copyright © 2024 NodeBB | Contributors
              • Login
              • Don't have an account? Register
              • Login or register to search.
              Powered by NodeBB Contributors
              • First post
                Last post
              0
              • Home
              • Categories
              • Recent
              • Popular
              • World
              • Top
              • Tags
              • Users
              • Groups
              • Documentation
                • Home
                • Read API
                • Write API
                • Plugin Development