I never ever succeeded in making a passkey log in after generating one.

Killing autofill and saved passwords in Authenticator is a bold move, especially considering how many non-technical users rely on that feature without even knowing what a passkey is

This will be delayed. Anyone want to bet me?

And more importantly (for them), it's much harder to share a passkey than it is to share a password.

“Why GNU su does not support the `wheel‘ group

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn’t know how to do that in Unix.)

However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.

I’m on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.”

https://www.meisterplanet.com/journal/2004/05/09/richard-sta...

One thing unclear:

While I understand they want to transparently replace passwords with passkeys for websites that support it, what happens with passwords for websites that don't support passkeys?

Also, if someone sleeps over this, they will just lose their passwords to random websites and have to go through account recovery flows?

It’s also annoying that MS requires a personal account for backing up the Authenticator data to iCloud to ”provide an additional layer of encryption“.

That description makes little sense, and at least they could honor my paid business subscription (and back it up to there if they don’t trust iCloud).

Yes, Microsoft is the worst company ever.

...But this article headline is insanely misleading by not mentioning it's being migrated to Edge. To the point where I'd call it a smear crafted for maximum clickbait shock value. Nothing is being wiped, it's just being moved to a different app. Sure, there's good reasons to not like that app (it's the Internet Explorer sequel after all), but the story here is not as extreme as implied.

I would have thought password management will be quite important for a long while yet. Is MS simply dodging the responsibility? Maybe so they can't be leaned on by government?

This is missing an important piece of information. If I open Authenticator on iOS I see this message front and center:

> Autofill via Authenticator ends in July 2025 You can export your saved info (passwords only) from Authenticator until Autofill ends. Access your passwords and addresses via Microsoft Edge at any time. To keep autofilling your info, turn on Edge or other provider. (Learn more)

not sure the full Android feature set, but MS is moving their iOS autofill provider to the Edge app, which doesn’t mean I have to use Edge to browse, just changes which app hosts the passwords. I can still fill them using the native mechanism for any password manager to provide passwords to any password field.

Microsoft is not forcing anybody to adopt passkeys as far as I can tell. Although overall people should because passwords are quite frankly a broken idea. Almost as broken as the idiotic janky “we just emailed/texted you a code” bullshit that most sites do now instead of TOTP.