(fidoalliance.org)

225 points Terretta | 1 comments | 15 Oct 24 12:18 UTC | HN request time: 0s | source

Show context

solarkraft ◴[16 Oct 24 15:14 UTC] No.41860069[source]▶

I had hope for passkeys, with all the interop-promises.

It turned out that no (mainstream) passkey provider allows backups however, making them infinitely worse than just using passwords.

Maybe this will help, but fuck me, it’s all complicated, especially for a damn foundational security mechanism!

It could be so simple, just look at SSH keys, which I think largely use the same principle.

1. arccy ◴[16 Oct 24 22:56 UTC] No.41864718[source]▶

if you can get a backup, someone can get scammed into providing that to an attacker, taking away any security benefit.

FIDO Alliance publishes new spec to let users move passkeys across providers