Passkeys and Modern Authentication

(lucumr.pocoo.org)

184 points Bogdanp | 1 comments | 02 Sep 25 13:47 UTC | HN request time: 0.582s | source

Show context

seany ◴[02 Sep 25 17:15 UTC] No.45106027[source]▶

Exporting passkeys is the single required feature for me to start using them more. The "anti phishing" push has really gotten a little too crazy. It seems mostly related to our legal inability to push security responsibility onto consumers.

replies(4): >>45106104 #>>45106144 #>>45106767 #>>45108849 #

jazzyjackson ◴[02 Sep 25 17:22 UTC] No.45106144[source]▶

>>45106027 #

Given that you don't strictly need to have one passkey per site, is this desire to move passkeys around a holdover from wanting to "export" your passwords? Because if you can export them, an exploit can too. I find passkeys rather more interesting when they cannot be exported from a HSM / key enclave / yubikey, but of course I need to be able to register multiple yubikeys per site, and a few of my accounts didn't allow for this so I ended up using my yubikey for TOTP since I can have the same seed on multiple devices.

replies(3): >>45106498 #>>45106736 #>>45107969 #

1. recursive ◴[02 Sep 25 18:00 UTC] No.45106736[source]▶

>>45106144 #

You should be allowed to keep your passkeys in such enclave. But there seems to be no alternative. I'm in the same boat as the GP. I'm not touching passkeys unless and until I can export them into a file I can get my grubby hands on. I'm guessing that's never happening. Not sure what one-passkey-per-site has to do with it.

↑