I think "right" can vary. there are many reasons why sites may choose to offer one experience vs another.
Things like the autofill UI are optional capabilities that site owners can choose to use when it makes sense for their product.
Posts by Tim Cappalli
ah yes! I knew your name sounded familiar
that's completely reasonable and many of those folks are likely already using a credential manager of their choice.
I'm not trying to downplay this concern for the record. I just don't think it is part of the general "users don't know what passkeys are" sentiment / observation.
link?
If you don't use a cross-platform one, such as Apple Passwords, you can still authenticate cross-device to any other device using your phone.
This isn't completely correct.
If you use a cross-platform credential manager (aka pw manager), your passkeys will work on every device where you install it.
This includes Google Password Manager (the default in Chrome and on Android), 1Password, Bitwarden, etc.
Breaking: HHS's ban on gender-affirming care is struck down. Rarely have I read a ruling this sharply worded.
"This case is one of a long list of examples of how a leader's wanton disregard for the rule of law causes very real harm to very real people."
www.advocate.com/politics/nat...
I have a drafted blog post in response to this that I still haven't published. I'm so sorry.
what do you mean by "everyone has their own passkey"?
sure but this isn't something the average user thinks about at this point in time.
(but Android has the same API in beta)
of course. but I don't think regular users need to ever know that kind of detail.
Most users still have no idea what Bluetooth is besides it making their headphones work. And it's been decades.
unfortunately this is on 1Password to address but the good news is that they are *finally* working on it, and have started to release betas with the fix.
Traditional Android (GMS + OEM supported build) should be quite smooth. I'm surprised to hear that.
yeah, this one is known and they're working to address it.
The challenge is that many password managers don't integrate correctly, causing this "grab effect". Once they integrate correctly, it's a delightful experience. The good news is that the top credential manager vendors are currently working on doing this correctly, with many in beta.
not sure I really follow
yes, the Amazon implementation has challenges. They are working to remove the additional challenge for most sign in ceremonies.
these are not pre-requisites for passkeys.
Windows is rolling out synced passkeys via Microsoft
Google Password Manager works on every platform.
Apple Passwords can be used on Apple devices directly, and cross-device to non-Apple devices.
It's an open ecosystem. You can choose any password manager you want.
Cross-device authentication was designed exactly for this scenario (the "QR code flow")
Capital One, Wells Fargo, Truist, Revolut, US Bank, Ubank....
I'll push back on this a bit. Most consumers have no idea what a security key is. If they did, we probably wouldn't have pivoted the ecosystem to passkeys.
unfortunately some password managers don't integrate properly into devices which leads to this experience, but it's slowly getting better. Which one do you use out of curiosity?
many large banks have rolled out passkeys.
why does the average user need to differentiate them beyond setting one up?
This will come slowly over time. Most people have no idea what Bluetooth is or how it works, just that it makes their headphones work. and that took some time b
we struggle with who should be educating users. no one can make a site show more information. Consumer news outlets have covered them over the past year or two to try to help inform the "average user".
Overall, the opt in rates for passkeys are quite high.
(sorry I saw your reply before the original messages. that's what my response was based on)
how else do you suggest addressing this? Who should be responsible? There was no one party who educated users on how to use things like TOTP. It was the sites who decided to use that authentication method.
Ultimately it's the website's choice what to ask you for.
Passkeys are the replacement for passwords (and things like SMS), but that can take time so some sites have a slower transition to exclusively passkeys.
it's saved in either the default password manager on your device or the one of your choice. When you create one, the device tells you where it's being saved (if you have more than one password manager, it will show you).