
225 points Terretta | 2 comments
jakub_g ◴[] No.41863841[source]
Something that is not clear to me about passkeys and makes me uneasy to start using them:

Are passkeys replacing passwords, 2FA, or both?

What if I created a passkey on some device, lost that device, and my passkeys aren't cloud-backed-up? Would I be able to recover my account, or is it doomed? Or does it depend on how a given website implemented it?

rootusrootus ◴[] No.41863858[source]
If the passkey is all you have, then you're doomed (at least to the extent of whatever alternative recovery procedures the vendor is making available to you). That's why it's pretty universal to provide backup codes to put in your safe when setting up a passkey.
create-username ◴[] No.41864020[source]
You should have passkeys on at least two or three devices.
1. EvanAnderson ◴[] No.41865385[source]
Having one more thing to remember to do when I create a new account seems like the kind of tedious make-work computers should be automating.
2. rootusrootus ◴[] No.41865431[source]
I agree. The better answer from my view is to handle passkeys like passwords and manage them the same way.