this post was submitted on 20 Jan 2025
879 points (98.2% liked)

Technology

60694 readers
4517 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
879
Stop Treating Phone Numbers As A Digital ID (notthesolution.substack.com)
submitted 2 days ago by formerlytomato@lemmy.sdf.org to c/technology@lemmy.world
168 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Kusimulkku@lemm.ee 24 points 1 day ago (2 children)

I'm already hearing about restrictions on exporting passkeys and some apps requiring that you're not running a custom ROM on Android and stuff like that. Makes me worried they're going to fuck that up and make it restrictive bs

[–] lmmarsano@lemmynsfw.com 2 points 22 hours ago

Passkeys or WebAuthn are an open web standard, and the implementation is flexible. An authenticator can be implemented in software, with a hardware system integrated into the client device, or off-device.

Exportability/portability of the passkey is up to the authenticator. Bitwarden already exports them, and other authenticators likely do, too.

WebAuthn relying parties (ie, web applications) make trust decisions by specifying characteristics of eligible authenticators & authentication responses & by checking data reported in the responses. Those decisions are left to the relying party's discretion. I could imagine locked-down workplace environments allowing only company-approved configurations connect to internal systems.

WebAuthn has no bearing on whether an app runs on a custom platform: that's entirely on the developer & platform capabilities to reveal customization.

[–] Korhaka@sopuli.xyz 6 points 1 day ago (2 children)

Why should my OS be any of their concern?

[–] RogueBanana@lemmy.zip 5 points 1 day ago (1 children)

From what I heard passkeys need google services framework for some reason. Don't know technical reasons behind it but I would assume its bs given its google.

[–] dracs@programming.dev 2 points 1 day ago

Yes, they don't work without Google Play Services. Google didn't implement passkeys in Android, only their own services.

[–] Kusimulkku@lemm.ee 2 points 1 day ago (1 children)

I'm living this pain with a custom ROM already, with some banking stuff, Google Wallet, WhatsApp passkeys and I think Netflix (haven't installed it) block you for tripping up Google's security tests.

If passkeys become a big thing and they'll start enforcing them and apps that have those security measures I'm going to fucking firebomb something. REEEEEE

[–] Korhaka@sopuli.xyz 2 points 1 day ago

Shit like this is why I don't have a smartphone anymore. I have a brick phone that half the time I don't even take out with me.