(fidoalliance.org)

225 points Terretta | 1 comments | 15 Oct 24 12:18 UTC | HN request time: 0.196s | source

Show context

solarkraft ◴[16 Oct 24 15:14 UTC] No.41860069[source]▶

I had hope for passkeys, with all the interop-promises.

It turned out that no (mainstream) passkey provider allows backups however, making them infinitely worse than just using passwords.

Maybe this will help, but fuck me, it’s all complicated, especially for a damn foundational security mechanism!

It could be so simple, just look at SSH keys, which I think largely use the same principle.

replies(5): >>41860481 #>>41863668 #>>41864115 #>>41864718 #>>41866900 #

skybrian ◴[16 Oct 24 15:48 UTC] No.41860481[source]▶

>>41860069 #

You can create backup keys by creating more passkeys.

replies(2): >>41862445 #>>41871701 #

lelandbatey ◴[16 Oct 24 18:50 UTC] No.41862445[source]▶

>>41860481 #

That's not a backup, that's just another secret. If I can't record the secret onto paper that I can put in a safe deposit box at a bank (or several), then it ain't backed up.

replies(2): >>41862467 #>>41862675 #

dixie_land ◴[16 Oct 24 18:52 UTC] No.41862467[source]▶

>>41862445 #

I understand the semantic difference but wouldn't you be able to say add a "backup" Yubikey and lock it in a safe?

replies(3): >>41862523 #>>41864017 #>>41867699 #

1. lxgr ◴[17 Oct 24 08:59 UTC] No.41867699[source]▶

>>41862467 #

If you need (and therefore have) access to your safe every other week, chances are it’s not actually very secure.

↑

FIDO Alliance publishes new spec to let users move passkeys across providers