
If you don’t trust yourself to have backup keys, you use the Google or Apple ecosystem. As long as you can get back into your Google or iCloud account, you can get back into every other passkey-protected website. You can also use third-party “cloud” password managers if you prefer.

WebAuthn lets you dial the convenience/security tradeoff exactly however you prefer. I’ll be using hardware tokens, but I’ll be telling non-technical people to use their existing smartphones.




It's not that I don't trust myself to have backup keys; it is that the workflow is completely broken.

You have to manually add each key on every service. And you can typically at best only add two keys.

It is not a working system for individuals.



