Hacker News new | ask | show | jobs
by derbOac 1106 days ago
That was helpful but there's a difference between "possible" and "feasible in practice for the vast majority of users". Eg, you can theoretically develop your own passkey device as you say, but that doesn't mean most people can.

I'm not sure I really prefer passkeys less than passwords but I do think some of the "misconceptions" aren't really misconceptions, but realistic concerns about what happens in practice. It might be better to be up front about these than dismissive, because that's where the problems in practice develop.
1 comments
stavros 1106 days ago
But you don't need most people to develop their own Passkey device any more than you need most people to make a phone.

A company will make it, vote with your wallet and buy the one that suits you.

I'm looking forward to BitWarden supporting Passkeys, for example, as that's my preferred way of using them.

link
zamadatix 1106 days ago
If I have an iPhone, Mac, Windows PC, and Android Tablet I want to know and talk about what I can do with Passkeys, not what could theoretically be done. After all, I'm not looking at Passkeys for an academic exercise. I'm actually looking to see how feasible it is for me to use Passkeys to replace my passwords today.

If that means "install BitWarden on all of your devices. The devices will work with it and you can backup/export your key locally" that's fantastic, I'd love to see a guide on how to get that going on all of my devices. However, if that means "according to the standards, something like a BitWarden could do what you want it to do, if they built it, allowed export, and the devices all allowed integration. Alternatively, you replace your devices with ones that do." then I really don't care what the theory says could be done, Passkeys cannot actually replace my use of passwords at the moment.

link
stavros 1106 days ago
That's up to you, but "that isn't possible yet with this two-month-old technology" is very different from "that isn't possible".
link
zamadatix 1106 days ago
Well, that's my point. People are referring to what is possible today but your "misconceptions" are responses to what could be possible in the future.
link
stavros 1106 days ago
Well, I disagree. People aren't saying "I want to use this today and can't because X is missing", they're saying "I'm opposed to this technology because X will never be possible", when it will be.

Look at this comment, as the first example I found:

https://news.ycombinator.com/item?id=36237683

It basically says "Passkeys = USB keys", which is wrong. If you don't like the tradeoffs that specific authenticator makes, use another passkey authenticator type.

"Passkeys are strictly less secure" is just objectively wrong.

link
zamadatix 1106 days ago
While I do agree that thread is different, it'd make sense to reply to that thread about it instead of this one.
link