Whatever the fuck Google did with passkey credentials on accounts.google.com... - Random

joebeone, 4 months ago

Whatever the fuck Google did with passkey credentials on accounts.google.com seems to have resulted in some hardware security keys being no longer recognized, which is not good at all

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Image

Image alternative text

tychotithonus, 4 months ago

@joebeone
My attempts to get official attention on the "what the hell happened to straight security keys in Google land" problem have not landed so far. But /r/yubikey is full of people trying to figure out what the heck is going on. Even if it's "just" a UX problem ... it's a pretty bad one.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

chort, 4 months ago

@tychotithonus @joebeone @sleevi Is it only older keys, or does it effect new ones too? IIRC newer keys (FIDO2) send a hardware identifier that says what model they are and some security features rely on those identifiers.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

tychotithonus, 4 months ago

@chort
The UX issue appears to be that folks fundamentally expected security keys - even older / U2F-only ones - to Just Keep Working, instead of being partially converted to being "treated as" passkeys. But the root causes are still murky to me.
@joebeone @sleevi

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment