I just noticed that you can now login to this (discourse / discuss / dis-something) server.
I added it in under my user settings, tested it, and it was easy peasy.
1 Like
Still not sold on them, so I am not jumping to change it. Plus, not sure I care if I get hacked here anyway. 
I still find passkeys kind of confusing, despite having used them for the past year. I tried to educate myself and read some articles, but it just seems easier to us a password with 2FA.
2 Likes
I use them on a small handful of sites.
The implementation here was clean and easy.
1 Like
they’re just private key / public key pairs that are stored in your password manager of choice
1 Like
I am aware, but they seem to require me to sometimes to have to use them, sometimes not. I have to set them up across different computers, with different OSs, so I tend to just different accounts. I think if I used one computer, all day every day, they would make sense to me, but I have to think about it. Passwords with authentication apps are easier for me.
Much like passwords, you can use a password manager like Keepass / Strongbox or Bitwarden and have passkeys sync and work through all operating systems. If you use the Apple Passwords app, passkeys would work across all your apple devices.
1 Like
Again, I know that, they just don’t seem to work that way in reality. I have passkeys set up, yet sometimes I get requests for a password anyway. Some sites support passkeys, some don’t. I thought I was misunderstanding something about them, so read up on it. They sound great, but they just don’t work as well as they are supposed to. At least that is my take on it. I could be doing something completely wrong with them, but they don’t seem so great to me.
On the other hand, I thought it was just me, but I have seen other people say the same thing (we had a thread about it here sometime in the last year).
Passwords/2FA just seem easier to me, so I just use those most of the time unless a site really wants to use passkeys. You can tell me until you are blue in the face how easy and great they are. I don’t agree.
1 Like
It seems easier to still use a password + 2FA because passkeys have not been properly implemented everywhere just yet – here and there, they are just a replacement for the 2FA code, which was not the original intent, and this is likely to change with time as people get more educated and as passkeys are rolled out on more sites. Where they work as intended – Gmail, for example – I can log in to Gmail, even in an incognito window, using the passkey as the primary authentication method.
NB. All Discourse-based sites (DEVONthink forums, Obsidian forums, etc.) support passkeys.
Tip of the day: On some sites, even when passkeys are not mentioned explicitly in their security settings, they can still be added by adding a ‘(hardware) authentication key’. Password managers such as Bitwarden will handle this properly.
2 Likes
And Google and Apple passkeys seem to work within their realm. But I don’t live in those realms. Microsoft might support passkeys, I don’t remember, but MS products always want me to use their authenticator app. Discourse supporting it is very much in the who cares category for me. I log into this account once a year if I was logged out for some odd reason. When I do, 1Password or Apple Passwords fills it in for me, it’s easy.
I was told a couple of years ago that passwords were going away. That does not seem to be the case at all in my life. Although a bunch of sites don’t have passwords at all now. They send you a link when you want to log in. I don’t love that, but that is getting more and more common for me.
I think it’s great that passkeys can be used in websites like this forum, simpler and with -hopefully- less critical information so we can all get used to them and test if they fit our needs or not.
1 Like
The sooner we get to passkeys everywhere, the better. Easier, safer. Total no brainer.
1 Like