Dan Moore

👤 Person
204 total appearances

Podcast Appearances

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

Yeah. I mean, there's definitely, there's a couple of kind of things to think about with passkeys. One is like how you set them up. First of all, kind of the registration process is a little bit weird and can kind of differ. And depending on the passkey, it might be tied to a physical device. It might be tied to an account. Yeah.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

You know, if you're worried about people correlating things across, like, OAuth or OIDC, you know, the same thing is happening with passkeys that are shared. Or if it's device specific, then now you're kind of tied to the device. And then, kind of, I think the user experience, uh, for actually logging in is pretty good. Um, it does, you don't have as much control as a

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

The, the thing that you're logging into, the app you're logging into, doesn't have as much control over, like, the look and feel or the messaging or anything like that, and that can be problematic too. But the beautiful things about passkeys are they are locked down in two ways, right? They're locked down to the device or the system that holds the private key that is actually kind of generating the challenge and, like, solving the, um, basically

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

I can walk through kind of how passkeys work if that'd be helpful. But anyway, there is a private key that is held someplace and that is what's used to kind of authenticate you. And they're also locked down to the domain, right? They're associated to a domain, which is really, really great too, because it removes all kinds of phishing problems, right?

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

Like, because you're trusting the computer to recognize the domain rather than the user looking at the UX or looking at the URL bar. And computers are much better at comparing, you know, character by character and making sure that things are all, all correct. So there's, there's two kinds of security benefits for passkeys for sure.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

It's a lot, okay? Sure, sure.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

So Adam, I'd love to probe that a little bit more because to me, you know, some of this just may be because growing pains of passkeys, right? Like usernames and passwords have been around for a long, long time. And even now there's still, you know, some wrinkles, like sometimes people will ask for your password.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

Your username first, right? And that's so they can direct you to the right, um, identity provider if you're, you know, whatnot. But like passkeys, it feels like it, you know, they were just codified in like 2019, right? And so that is not new, but it's still being kind of rolled out. So you think some of us just can get shaken out in terms of like the right UX or

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

I want to get what I came here for, right? Exactly. Exactly.

The Changelog: Software Development, Open Source
Over the top auth strategies (Friends)

I didn't want to say, like, I don't think it's just for security. That's the, that's not the only reason that, that, um, new orgs are, or that passkeys are getting kind of pushed. I think it's also a user, like, they've done studies that it just gets you into the app faster. Um, there was something, I'll share the link, but this person referenced a Microsoft study that said that the average time to log in went from
