←back to thread

225 points Terretta | 1 comments | | HN request time: 0s | source
Show context
jakub_g ◴[] No.41863841[source]
Something that is not clear to me about passkeys and makes me uneasy to start using them:

Are passkeys replacing passwords, 2FA, or both?

What if I created a passkey on some device, lost that device, and my passkeys aren't cloud-backed-up? Would I be able to recover my account, or it's doomed? Or does it depend on how a given website implemented it?

replies(6): >>41863858 #>>41864360 #>>41865277 #>>41866433 #>>41866779 #>>41866793 #
rootusrootus ◴[] No.41863858[source]
If the passkey is all you have, then you're doomed (at least to the extent of whatever alternative recovery procedures the vendor is making available to you). That's why it's pretty universal to provide backup codes to put in your safe when setting up a passkey.
replies(4): >>41864020 #>>41867227 #>>41869238 #>>41908599 #
create-username ◴[] No.41864020[source]
you should have passkeys on at least two or three devices
replies(2): >>41865385 #>>41866292 #
hedora ◴[] No.41866292{3}[source]
How do you keep those devices synced? I have over 500 accounts in my password manager. Do I need to manually set up 500 * 3 devices?
replies(2): >>41866851 #>>41883393 #
1. klausa ◴[] No.41866851{4}[source]
You use your password manager to sync them.