We all struggle with lots of passwords, often forgotten, reused or leaked. Passkeys promise to free us from both the hassle and the breaches. But will they solve authentication, or are they a failure by design? A deep dive into convenience, control, and everything between.
Passkeys are designed to replace passwords. All you need is your phone or hardware token, meaning you have to remember only one password at most. But isn't that the promise of password managers? Although they fulfil a similar role, password managers usually use classic passwords, making them seem like an interim solution on the way to more secure authentication. Wouldn't it be great to get rid of passwords once and for all and switch to passkeys?
While passkeys promise a passwordless future, the reality is far more complex. User reluctance, questionable usability and corporate interests are making the case for passkeys increasingly difficult. So let's delve into whether passkeys do make sense from the perspective of both professional and regular users.
This talk is not a technical deep dive into passkeys, but rather addresses the issues of IT management & IAM and whether secure "passwordless" auth can work in the real world. The aim is not to give a bureaucratic or opinionated talk, but to open a discussion about enshittification and whether auth (doesn't) work(s) for both regular and pro users.