↳ In-reply-to » I got promoted today to try using Passkeys on Github.com. Fine 😅 I did that, but I discovered that when you use your Passkey to login, Chrome prompts you for your device's password (i.e: The password you use to login to your macOS Desktop). Is that intentional? Kind of defeats the point no? I mean sure, now there's no Password being transmitted, stored or presented to Github.com but still, all an attacker has to do is somehow be on my device and know my login password to my device right? Is that better or worse? 🤔

@prologic@twtxt.net I’m speculating, but if I had to guess I’d say it’s probably asking for your user password in order to access some user keyring (or whatever your OS uses to manage user secret credentials) used to safely store your passkeys related data in order to do its passkeys /ME doing air quotes Magic™ … you could try with a different password manager to avoid said scenario.

Also, passkeys UX sucks.