
So the same passkey is being used on multiple devices, rather than different devices (actually applications) having distinct passkeys.

Doesn't that defeat one of the central aims of passkeys? In what ways is your setup different than random passwords in Bitwarden - what's the additional security?



Passkeys cannot be phished.

Other than that they shouldn't have a big advantage for a more professional user with unique, long, and random passwords. For the common user it should be a great upgrade, giving all these advantages with better UX.


Another is that passkeys are single login and sites don’t use 2FA. Not having to get out TOTP or receive SMS is worth it.

Basically, any site that does 2FA should take passkeys.


You can store 2FA in a password manager except for the dumb SMS-based ones, but that's still an extra step.


Password autofill also provides that protection, as it won't match on a phishing domain.


The password manager has become the device (and offers some assurance if the device is lost, as you can log into the manager on another device). I agree it definitely isn't the original vision of passkeys (having a different passkey on every device, stored in separate password databases?), but it makes more sense for my cases.



