
> They aren't tied to a device that can be lost, stolen or broken, or requiring you to have multiple devices just in case; and not tied to biometrics.

They optionally can be all of the above, using AAGUIDs and direct attestation.




If even one of the big three refuses to support attestation, then it's dead. And trying to retroactively force attestation at a later date will be an even bigger headache than it would be right now.


It's not really a feature for normal passkey users as much as it is for enterprises / government who need to use vetted hardware (e.g. you can only allow AAGUIDs from FIPS YubiKeys).
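
An added example, not part of the thread: one way a relying party could enforce the AAGUID allow-list described in the comment above, by reading the AAGUID out of the WebAuthn authenticator data. It assumes the attestation statement has already been verified by a WebAuthn library; `ALLOWED_AAGUIDS`, `registration_allowed` and `build_sample` are hypothetical names, and the AAGUID is a constructed placeholder, not a real model identifier.

```python
import struct
import uuid

FLAG_AT = 0x40  # "attested credential data included" bit in the flags byte

# Hypothetical allow-list; this AAGUID is a constructed placeholder, not a real model.
ALLOWED_AAGUIDS = {uuid.UUID("00000000-0000-4000-8000-0000000000a1")}


def extract_aaguid(auth_data: bytes) -> uuid.UUID:
    """Return the AAGUID from WebAuthn authenticator data.

    Layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | credId | pubkey
    """
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than fixed header")
    flags = auth_data[32]
    if not flags & FLAG_AT:
        raise ValueError("no attested credential data (AT flag clear)")
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_id_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_id_len:
        raise ValueError("credential ID runs past end of authenticator data")
    return aaguid


def registration_allowed(auth_data: bytes, attestation_verified: bool) -> bool:
    """Policy check: accept only allow-listed models, and only when attested."""
    # Without a verified attestation statement the AAGUID is self-asserted.
    if not attestation_verified:
        return False
    try:
        return extract_aaguid(auth_data) in ALLOWED_AAGUIDS
    except ValueError:
        return False


def build_sample(aaguid: uuid.UUID, flags: int = 0x45) -> bytes:
    """Constructed sample authData (dummy hash, credential ID and key bytes)."""
    cred_id = b"\x01" * 16
    return (b"\x00" * 32 + bytes([flags]) + struct.pack(">I", 0)
            + aaguid.bytes + struct.pack(">H", len(cred_id)) + cred_id + b"\xa0")
```
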



