Hacker News new | past | comments | ask | show | jobs | submit login

Sadly, WebAuthn is also becoming a victim in the same way (at least on iOS).

The expectation is that WebAuthn private keys are stored in the secure enclave, which would be a comparable security guarantee to YubiKeys and other hardware devices.

"Passkeys" are now forcibly synced via iCloud, you can't use WebAuthn on iOS without enabling iCloud Keychain.




Huh, thanks, I wrongly assumed that Passkeys inherited WebAuthn’s attestations for hardware-backed keys. I guess organizations will need to ban Passkeys internally.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: