
> Right, that makes such a system unusable for normal people, so it is not a good thing to force it upon them.

Whut? Passkeys work perfectly fine for "normal people".

> The benefit is not clearly there because anything that can manipulate local memory can also just use the key directly

Correct. But it does require a fairly high level of system access. Hardware-bound keys also allow full hardware-attested authentication.

> Normal people are however not concerned with these Mission Impossible scenarios, and random passwords are good enough while being easy to use without an IT department to fix when it goes wrong.

If you're using truly random passwords, then you're using a password manager. And if you're using a password manager, then why not just use passkeys?

All the popular password managers support them: BitWarden, 1Pass, iCloud Keychain, even LastPass.



Passkeys don't offer anything above random passwords, and hardware attested passkeys obviously cannot work with a software password manager, which is the point.

Also like I keep saying, every browser already has a password manager. You don't need an external one. Notably though, Firefox's password manager doesn't support software passkeys, so they are completely unusable for me, for example. I'm certainly not going to sign up for some SaaS so I can use a worse version of passwords.



