Don't use passkeys for encrypting user data
A stark warning against a burgeoning trend, this post argues that using passkeys' Pseudo-Random Function (PRF) extension for encrypting user data is a dangerous anti-pattern. It highlights the critical risk of irreversible data loss when users, unaware of the tight coupling, delete their passkeys. The discussion on Hacker News delves into the nuances of user experience, data recovery, and the broader implications for security and control in the digital ecosystem.
The Lowdown
Tim Cappalli sounds an alarm against a growing practice: leveraging passkeys' PRF extension to encrypt user data, particularly for end-to-end encryption and backups. He argues that this approach dangerously overloads an authentication credential, creating a massive 'blast radius' where deleting a passkey can lead to the permanent loss of sensitive data.
- The Core Problem: Passkeys, designed for phishing-resistant authentication, are being used to derive encryption keys for data like message backups, crypto wallets, and documents.
- User Experience Failure: Users like 'Erika' are unlikely to understand that deleting a passkey means irrevocably losing access to their encrypted data, as current UIs provide insufficient warnings.
- Legitimate PRF Use: The author acknowledges valid uses for PRF within WebAuthn, such as securing credential managers, which typically have robust recovery mechanisms.
- Urgent Calls to Action: Cappalli implores the identity industry to cease promoting passkeys for data encryption, asks credential managers to implement explicit warnings, and urges services that must use PRF for encryption to provide comprehensive user education and clear documentation.
In essence, the message is clear: let passkeys be excellent authentication tools, but protect users from the unintended consequences of using them as sole encryption keys for critical data.
The Gossip
Passkey Pitfalls & Perplexity
Many commenters express frustration and confusion with passkey management, echoing the author's concern about user understanding. They highlight issues like accidentally creating passkeys, not knowing where they are stored, and generally feeling out of their depth. This sentiment suggests that the technology, while promising, still has significant usability hurdles for the average (and even technically proficient) user.
Accountability & Analogies
A recurring debate revolves around whether the problem lies with the passkey implementation or user behavior. Some argue that deleting an encryption key always leads to data loss, regardless of whether it's a passkey or a password, implying user responsibility. Others counter that the seamless, 'forgettable' nature of passkeys makes this particular risk more insidious, as users might not perceive them as critical data keys.
Mitigation & Multi-Key Methods
Commenters propose various solutions and alternative approaches to the problem. Suggestions include making encryption keys redundant, linking them to account recovery processes, or using multi-recipient encryption schemes like `age` that allow multiple passkeys to unlock the same data. There's an underlying agreement that better design and explicit user control are necessary if passkeys are to be involved in data encryption.
Control Concerns & Conspiracy Theories
A segment of the discussion veers into broader concerns about passkeys as a mechanism for corporate or state control. Some commenters express fears that hardware attestation, a feature of the passkey standard, could eventually lead to vendor lock-in or restrict users from running open-source operating systems, effectively turning passkeys into a 'trojan horse' for controlling computing environments. This perspective sees a darker agenda behind the technology's widespread adoption.