• MoogleMaestro@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    28 days ago

    Would love for you to describe exactly how it’s more complicated.

    “More” is relative, ofc, so YMMV on whether you agree with me or not on this.

    But the problem with pass key is that it has all of the downsides of 2FA still – you need to use a mobile device such as a cell phone, that cell phone must be connected to the internet and you often can’t register a single account to multiple devices (as in, there’s only ever 1 device that has passkey authorization.)

    This isn’t an issue with ssh keys, which is a superior design despite it not being native to the web browsing experience. SSH keys can be added or removed to an account for any number of devices as long as you have some kind of login access. You can generally use SSH keys on any device regardless of network connection. There’s no security flaws to SSH keys because the public key is all that is held by 3rd parties, and it’s up to the user in question to ensure they keep good control over their keys.

    Keys can be assigned to a password and don’t require you to use biometrics as the only authentication system.

    I feel like there’s probably more here, but all of this adds up to a more complicated experience IMO. But again, it’s all relative. If you only ever use password + 2fa, I will give them that it’s simpler than this (even though, from the backend side of things, it’s MUCH more complicated from what I hear.)