Passkeys and Modern Authentication

(lucumr.pocoo.org)

184 points Bogdanp | 1 comments | 02 Sep 25 13:47 UTC | HN request time: 0.305s | source

Show context

alphazard ◴[02 Sep 25 17:11 UTC] No.45105959[source]▶

Unfortunately the tech community is full of people who pride themselves on being aware of and advocating for the latest standard put out by whatever company. That's how we end up with lots of complicated nonsense like most of what is sent in HTTP headers, or the contents of a TLS certificate.

On the topic of authentication, it's solved. SSH nailed it, any further complexity is strictly worse. Signing up is uploading a public key. Signing in is cryptographically signing a commitment to the current ephemeral tunnel.

replies(10): >>45106121 #>>45106140 #>>45106170 #>>45106176 #>>45106183 #>>45106261 #>>45106406 #>>45106911 #>>45107421 #>>45107745 #

yomismoaqui ◴[02 Sep 25 17:22 UTC] No.45106140[source]▶

>>45105959 #

All developers pass this magpie phase [1] and as you get older you start to see new things more critically.

I guess a desirable trait of seniority is to balance the urge to play with new toys vs the feeling that sometimes we are running in circles, repeating the same mistakes with different tech.

[1]: https://blog.codinghorror.com/the-magpie-developer/

replies(2): >>45106896 #>>45107461 #

1. skybrian ◴[02 Sep 25 18:11 UTC] No.45106896[source]▶

>>45106140 #

I’ll add that eventually it’s less about what I want and more about what would work for other people I know. Many of them aren’t very technical.

What do you need to do to keep family from (a) not getting locked out and (b) not getting phished?

↑