Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
PayPal is in charge of who they do business with, the same as any private enterprise. Stop trying to shoehorn the first amendment where it has no place.
Yes, they are free to choose whom they want to do business by creating freedom-destroying policies and attempting to force them on their user base. I'm fine with that. I'm still going to mock them ruthlessly every chance I get and point out that what I write or post on other platforms is really none of their business. Literally.
 
I like the idea of FIDO passkeys but am concerned they give my identity away.

I tried it with eBay and I see that it created an authentication key (in addition to the existing e/m and p/w based key) which has my real legal name as the username. I’m not keen on that given there are numerous online accounts where I use an alias.

I’ve not seen any real discussion that converting to FIDO passkeys gives away your real name (assuming you used it for your apple account). Would like to see some analysis on this.
They don't give your identity away. You choose your username. Or maybe the app decided the username for you, because it was programmed to do that. But the standard does not have anything to do with the username you choose. Someone or something chooses a username somewhere, then that username gets associated with a public key and private key pair. The standard does not care one bit about what the username is, it just cares how the key pair is handled.

Perhaps Ebay has to change the username for you because their server backend was programmed to do this during an upgrade to Passkeys. Many times people make web apps and they haven't sufficiently parameterized or abstracted the logic of components of the application, so to do stuff like this they needed to migrate your old account to a new account instead of just simply changing the authentication type.
 
  • Like
Reactions: kitKAC
They don't give your identity away. You choose your username. Or maybe the app decided the username for you, because it was programmed to do that. But the standard does not have anything to do with the username you choose. Someone or something chooses a username somewhere, then that username gets associated with a public key and private key pair. The standard does not care one bit about what the username is, it just cares how the key pair is handled.

Perhaps Ebay has to change the username for you because their server backend was programmed to do this during an upgrade to Passkeys. Many times people make web apps and they haven't sufficiently parameterized or abstracted the logic of components of the application, so to do stuff like this they needed to migrate your old account to a new account instead of just simply changing the authentication type.
I don’t think this is true.

My eBay login username wasn’t my real name, it was my email address.

My screen name was a unique alias too.

Yes, eBay has my real name on the account but I think the email as login u/n was replaced with my real name courtesy of passkeys.

I also just noticed something disturbing. After the Passkey was created, the old Keychain key with e/m u/n and p/w was next to the new Passkey in my Keychain. Just now looking for it I see it is no longer there (auto delete?).

So far I’m not too happy about this system and am going to stay with unique email addresses and p/w as login credentials.
 
Last edited:
I don’t think this is true.

My eBay login username wasn’t my real name, it was my email address.

My screen name was a unique alias too.

Yes, eBay has my real name on the account but I think the email as login u/n was replaced with my real name courtesy of passkeys.

I also just noticed something disturbing. After the Passkey was created, the old Keychain key with e/m u/n and p/w was next to the new Passkey in my Keychain. Just now looking for it I see it is no longer there (auto delete?), and this irks me greatly as i had a fully populated notes section in the now deleted key that was not copied over into the new passkey.

So far I’m not too happy about this system and am going to stay with unique email addresses and p/w as login credentials.
FIDO doesn't care about your username. Nowhere in the standard is that a thing. It just cares that your username is paired with a key pair. Doesn't care what is in the name.

Go ahead and try out the Passkeys demo here: https://www.passkeys.io/ and tell me it requires your name. Because it doesn't.

My guess is that it was replacing the credential, but there's nothing that says a username has to be one thing or another, except what the app allows for usernames. It was all the eBay app's doing.

If you still think FIDO did this, then find it on the FIDO site anywhere to support your assertions. https://fidoalliance.org/
 
I don’t think this is true.

My eBay login username wasn’t my real name, it was my email address.

My screen name was a unique alias too.

Yes, eBay has my real name on the account but I think the email as login u/n was replaced with my real name courtesy of passkeys.

I also just noticed something disturbing. After the Passkey was created, the old Keychain key with e/m u/n and p/w was next to the new Passkey in my Keychain. Just now looking for it I see it is no longer there (auto delete?), and this irks me greatly as i had a fully populated notes section in the now deleted key that was not copied over into the new passkey.

So far I’m not too happy about this system and am going to stay with unique email addresses and p/w as login credentials.
I set up a passkey with eBay and also noticed that the username was my real name instead of my screen name. But I know it wasn’t the passkey system giving it away because I use a shortened version of my name with my Apple accounts and devices (like Tim instead of Timothy) while eBay uses my full name. The passkey had my full name, not the short one.
 
This is going to sound dumb but I don't get an option to create a Passkey on the PayPal website. I'm running Ventura.
 
This is going to sound dumb but I don't get an option to create a Passkey on the PayPal website. I'm running Ventura.
Neither do I. Either they haven’t rolled it out yet or it is rolling out in waves and hasn’t hit our accounts yet.
 
Is this whole PayPal hatred thing politically motivated or did they actually do something wrong?
 
Is this whole PayPal hatred thing politically motivated or did they actually do something wrong?

The wording of the original release was vague enough to allow them to interpret "misinformation" or "other objectionable content" any way that they saw fit, with no recourse for you to appeal or get your funds back. A very real risk scenario might have been: a blog that you follow accepts paypal donations, and you add a comment that someone feels goes against whatever the narrative of the day is (vaccines aren't safe, Ukraine should be blamed for the war, whatever); someone complains to Paypal (snitches you out), and then Paypal yanks $2500 out of your bank account.
 
  • Like
Reactions: CarAnalogy
They need to fix their crappy app first, uses Face ID, then needs another method of verification like authy or rarely a text just to login, absolute pain in the ass. My bank or credit card I can juist login with Face ID but not PayPal, that company makes you do pointless extra steps every time. What's the bloody point in even using Face ID if I have to use another method on top?

Never used to be this way.
 
If a client has this setup but needs to give me access to their account as a developer to, say, generate some API keys for a payment gateway or something similar, how do I get the access I need? I’m talking about clients that are so technically unsavvy that it would take many hours of phone calls and screen share meetings over multiple days to get them to get the info it would take me less than five minutes to retrieve, multiplied times dozens of clients per week.
 
If a client has this setup but needs to give me access to their account as a developer to, say, generate some API keys for a payment gateway or something similar, how do I get the access I need? I’m talking about clients that are so technically unsavvy that it would take many hours of phone calls and screen share meetings over multiple days to get them to get the info it would take me less than five minutes to retrieve, multiplied times dozens of clients per week.
Passkeys are not intended to replace passwords in scenarios where you need to share credentials over the internet. You can only share Passkeys in person with Airdrop, or sign in with a QR code scan. They don’t want people to use Passkeys and get phished because a guy said to send them a Passkey over the internet, so they made it impossible to share it without a local only connection.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.