(fidoalliance.org)

225 points Terretta | 1 comments | 15 Oct 24 12:18 UTC | HN request time: 0.582s | source

Show context

jakub_g ◴[16 Oct 24 21:02 UTC] No.41863841[source]▶

Something that is not clear to me about passkeys and makes me uneasy to start using them:

Are passkeys replacing passwords, 2FA, or both?

What if I created a passkey on some device, lost that device, and my passkeys aren't cloud-backed-up? Would I be able to recover my account, or it's doomed? Or does it depend on how a given website implemented it?

replies(6): >>41863858 #>>41864360 #>>41865277 #>>41866433 #>>41866779 #>>41866793 #

rootusrootus ◴[16 Oct 24 21:05 UTC] No.41863858[source]▶

>>41863841 #

If the passkey is all you have, then you're doomed (at least to the extent of whatever alternative recovery procedures the vendor is making available to you). That's why it's pretty universal to provide backup codes to put in your safe when setting up a passkey.

replies(4): >>41864020 #>>41867227 #>>41869238 #>>41908599 #

1. CatWChainsaw ◴[21 Oct 24 21:17 UTC] No.41908599[source]▶

>>41863858 #

A backup code is a password made of numbers.

↑

FIDO Alliance publishes new spec to let users move passkeys across providers