Ricky Mondello @rmondello@hachyderm.io
Public

A lot of feedback I’ve gotten on my post about passkeys from yesterday is about fears around a passkey sync provider account becoming “locked” or otherwise invalid.

If your passkey sync fabric provider can remotely nuke your saved passkeys from instances of the app running on your devices or otherwise make the data inaccessible, that’s genuinely horrible and unacceptable. I would never recommend a person use that software and cloud support. It calls peer-driven end-to-end encrypted sync and common sense into question.

Personally, I’d never use a passkey manager that had that property. I certainly wouldn’t contribute my time and attention to building such a manager. I’m also not familiar with a single passkey manager with that property. It is a serious leap to assume that sync being turned off deletes datas on devices or otherwise makes it inaccessible.

If a sync provider can delete your data from your devices, you don’t own your data. They do. If you cannot export your data from apps from that service to another app, then you don’t own your data.

These values that I hold personally are why I’m proud to work with individuals in standards bodies to design and build out data export and import. My recent conference keynote about passkeys took a long moment to celebrate the industry-wide collaboration to ensure people always own their data, even if they switch apps or platforms.

0
0
0

If you have a fediverse account, you can quote this note from your own instance. Search https://hachyderm.io/users/rmondello/statuses/115736554209673309 on your instance and quote it. (Note that quoting is not supported in Mastodon.)