| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by drdaeman 1106 days ago

> KeePass does today

Not yet: https://github.com/keepassxreboot/keepassxc/issues/8214 (and https://github.com/keepassxreboot/keepassxc/pull/8825)

And even if they will, they're at mercy of e.g. Apple letting anyone to replace iCloud Keychain with a third-party password manager. Which is also not possible yet. Probably the same for Android, although I'm not sure what's the situation there today. (But whatever it is, I would say that "well, don't use Apple/Google devices" is not an option for many in the current duopoly.)

All this can be solved, but the issue that is is not - today. So, today, I'm voicing my discontent.

> and then you can use your password manager as your Passkeys provider on all your devices

In an ideal world - yes. Sadly, I can't do this today with passwords, even though the world had spend many decades on trying to make things as seamless as possible. Over last year I've had to manually open a password manager on one device and type a password on another more than a few times.

The most obvious example is logging in to a streaming service on a smart TV - one step away from the normal conditions (scan-QR-code-on-my-phone flow not working) and typing password is the only option. Netflix is gonna love passkeys so users will possibly have slightly harder time logging in on others' devices ;-) BTW, sharing passkeys is also not exactly a solved issue - yet (even though some vendors made some promises).

Then, there's a case of accessing from untrusted devices (say, a net cafe). Theoretically, Passkeys should be a drastically superior solution to passwords - I would be able to plug in a security key, and it won't leak the keys, so even if a machine has a keylogger or network sniffer I'm still fine. In practice, however, enrolling a physical security key (Yubikey, Nitrokey, Solo) requires having it physically available, so it's always going to be inconvenient - and this is not changing until the standard extends or changes. Worse for multiple keys (I have four so every Webauthn sign-up is a pain in the ass). Because I'm most certainly not installing my password^W passkey manager on some untrusted machine.