from Hacker News

Jeff Johnson: "Passkeys are a lie and contradiction."

by donutshop on 10/11/23, 12:45 AM with 5 comments

• by lapcat on 10/11/23, 1:19 AM

  I've flagged this as a low value submission, despite the fact that I'm the author the linked social media post. It's not much more than a little rant.

  However, I will give credit to the comment https://news.ycombinator.com/item?id=37837124 on the submission "Passkeys are now enabled by default for Google users" https://news.ycombinator.com/item?id=37832585 for the link to the 1Password AMA: https://old.reddit.com/r/1Password/comments/16to6x7/hey_redd...

  I did write a longer blog post on the subject a number of months ago: https://news.ycombinator.com/item?id=35854216 (176 comments)

• by tfehring on 10/11/23, 1:55 AM

  > The only way to avoid vendor lock in is to allow passkeys to be persisted unencrypted.

  Is this true? Naively I’d expect there to be a two-key solution that would allow Vendor A to transfer passkeys to Vendor B without requiring them to be stored unencrypted. Is the issue just that the two vendors have to trust each other (as opposed to just both being trusted by the user) for that to work?

• by cushpush on 10/11/23, 12:47 AM

  plaintext passwords are automatically converted to stars on hacker news...

• by holigot on 10/12/23, 6:17 AM

  So what to do? Use 1Password, Bitwarden use iCloud Keychain or something different like Enpass, KeePass, Strongbox or something else to sync it local?