Perilous_Asteroid
Junior Member
- Joined
- May 11, 2011
- Posts
- 22
I logged in for the first time in a while and saw that AFF now supports passkeys! The help text in Account > Password and Security states, “Passkeys are a secure replacement for passwords, allowing you to use biometric or device-based authentication to access your account”, which matches my previous understanding.
I setup a passkey, but I can’t remove or disable my password. Am I missing something? It seems like the most secure option would be to let me remove my password and other 2FA on the understanding that I need to back up my passkey (e.g. to a password manager), otherwise I’ll get locked out.
Right now, the passkey is just an alternative way to login akin to setting up Google authenticator and SMS 2FA options, then selecting which 2FA method to use each login attempt. With password login still allowed, the security benefits of passkeys aren’t being fully realised.
I setup a passkey, but I can’t remove or disable my password. Am I missing something? It seems like the most secure option would be to let me remove my password and other 2FA on the understanding that I need to back up my passkey (e.g. to a password manager), otherwise I’ll get locked out.
Right now, the passkey is just an alternative way to login akin to setting up Google authenticator and SMS 2FA options, then selecting which 2FA method to use each login attempt. With password login still allowed, the security benefits of passkeys aren’t being fully realised.
