That is exactly the question a user should ask themselves. I can't answer it for... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

sp332 on May 8, 2018 | parent | context | favorite | on: Yubico and Microsoft Introduce Passwordless Login

That is exactly the question a user should ask themselves. I can't answer it for anyone else. But for your two cases, the key is more secure because there is no relatively short password that can be guessed. An attacker has to brute force the cryptographic key, which should be infeasible. Passwords are easier to crack online or offline, unless you've picked a password with 112 bits of entropy.

emlun on May 8, 2018 [–]

>brute force the cryptographic key, which should be infeasible.

Not only infeasible - physically impossible, in fact (barring quantum computers). Just 128 bits of entropy would take 1e16 (10 quadrillion) years to brute force at 1e15 attempts per second. :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact