
>So they aren't considering at all how easy is the autofill password feature with a password manager

Passwords are a nightmare for both users and service providers for a variety of reasons. And password autofill is a bandaid at best.

If I had a quarter for the number of times I've personally used a password manager to auto-generate a password which was then either rejected by the website due to absurd password complexity requirements, or had the password seemingly accepted but in reality silently truncated behind the scenes....

I know you're commenting on a Google blog post, but FWIW Apple acknowledges password managers/autofill in the "Deploy passkeys at work" talk from WWDC 2023:

"Let’s look at a side-by-side comparison of the experience of creating a new password versus creating a new passkey. As you can see, creating a passkey is significantly faster and easier than creating a password. Just Face ID and you’re done. Now that we’ve looked at creation, let’s compare the experience of signing back in. With a password, the user has to remember and type in the password. With a passkey, they just Face ID and they’re done. A password manager can help improve the experience, but even the best password manager can’t compete with the user experience of passkeys. You are used to having to make tradeoffs between better security and a better user experience. Passkeys achieve something rare: great security and a great user experience."

Source: https://developer.apple.com/videos/play/wwdc2023/10263/?time...



You're comparing a crappy password filter with an optimally implemented passkey thing, though. If the world's up for improving over status quo by rewriting all login prompts, the comparable options would be making password managers/autofill/autogenerated passwords work well everywhere (which'd be just some light tweaks here and there), or making passkeys work well everywhere (which is an entire new thing, and people would still need to deal with passwords because there's no way that they're disappearing in less than a couple decades).

Passkeys might (or might not) have other benefits, but ease of use is entirely a question of cherry-picking.


I’m not cherry-picking, I’m comparing the actual real-world experience of using password autofill vs. using a passkey.

The significantly better passkey sign-in UX that I’m talking about exists on all major platforms. And the UX is handled by browser and operating system APIs, so it’s not really something the app or website can mess up.

Also, any solution that still involves password-based login prompts would be worse than passkeys because passwords are still shared secrets, and password hashes would remain juicy targets for attackers in server breaches.


In practice the actually concerning use case is not creating a key or using it, but safeguarding it and recovering it.



