Passkeys and understandability, usability

Watching an expert tech friend of mine struggle to understand why his computer with 1Password was letting him log in magically to a site, I was reminded of this conversation I had with Jessamyn West about passkey usability for ordinary people. Jessamyn is very steeped in tech and does tech support for folks in a rural library. She frequently writes really interesting stories about what her clients have trouble with. They are a useful touchstone for what the tech experience is like for ordinary Americans. She wrote a whole book about it!

Anyway, I wanted to capture a few of the things she said in response to an earlier blog post of mine complaining about passkeys. Here’s a link to the full Mastodon thread; some lightly edited quotes are presented here:

J: I am sorry you’ve had such a miserable time with passkeys but also kind of happy they are a shit show because they were so clearly going to be tough for people who are not computer system experts, don’t have reliable computer access (so might use a library) or have cell phone access instability. Maybe they’ll slow the roll-out. Thanks for sharing your experience.

N: when the tech works right it should be a much better and more secure experience!

J: Yeah I totally get that for the target audience. I think I get huffy when people have been breathlessly saying “This will solve online security!” when in point of fact it’s going to make it harder for at least one subclass of people for whom internet stuff is already pretty challenging.

N: what does that group of people do now for logins?

J: They usually have passwords that fit the requirements and write them down in books. Some of them don’t have mobile devices and so they’d have to get a phone call at a landline or get a message to their email which maybe they can’t check if they’re not at home. Which makes getting tech-support at the library fairly difficult. A lot of these people only use two factor authentication where it’s absolutely necessary.

Jessamyn has also written about a concept of “device continuity”, the idea that people own a digital device and all the data on it stays intact or is migrated with upgrades, replacements, etc. That’s a luxury not everyone has. Phones break, get lost, stolen. So much of our digital authentication assumes that people have a secure device that they will have access to continuously. Things like passkeys don’t work nearly as well if you don’t have that.
