by stavros 368 days ago
While I don't agree with the grandparent's fears, you're only half correct: The server can mandate that you use an authenticator from X company, so some sites might block KeePassXC, even if they don't block a specific key.
1 comments

There is no specific attribution in passkeys; there's AAGUID, but it's allowed to be all-zero. So they actually can't block passkeys _from_ KeePassXC.

They can instead block all the passkeys, to be exact: WebAuthn credentials that are not rooted in hardware and don't have attestation.
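
An added illustration of the AAGUID and attestation point in the comment above (not code from either commenter or from any project): it parses the AAGUID out of WebAuthn authenticator data and shows what a relying party can conclude from it. The sample data is constructed, the COSE public key is a placeholder, and `classify`, `rp_accepts` and `make_auth_data` are hypothetical names.

```python
import hashlib
import struct

ZERO_AAGUID = bytes(16)
FLAG_UP, FLAG_AT = 0x01, 0x40  # user present, attested credential data present

def parse_aaguid(auth_data):
    """Return the 16-byte AAGUID from WebAuthn authenticator data, or None."""
    # rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | credId | key
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    if not auth_data[32] & FLAG_AT:
        return None  # assertion-style data carries no AAGUID at all
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past end of buffer")
    return auth_data[37:53]

def classify(auth_data, fmt):
    """What a relying party can conclude about the authenticator's origin."""
    aaguid = parse_aaguid(auth_data)
    if aaguid is None:
        return "no-aaguid"
    if fmt == "none":
        # Nothing signs the AAGUID here, so it is only a self-reported value.
        return "anonymous" if aaguid == ZERO_AAGUID else "self-reported"
    return "attested-pending-verification"  # the statement must still be verified

def rp_accepts(auth_data, fmt, require_attestation):
    """Hypothetical policy: the only enforceable filter is requiring attestation."""
    return classify(auth_data, fmt) == "attested-pending-verification" or not require_attestation

def make_auth_data(rp_id, aaguid, cred_id, attested=True):
    """Build constructed sample authenticator data (public key is a placeholder)."""
    head = hashlib.sha256(rp_id.encode()).digest()
    head += bytes([FLAG_UP | (FLAG_AT if attested else 0)]) + struct.pack(">I", 0)
    if not attested:
        return head
    return head + aaguid + struct.pack(">H", len(cred_id)) + cred_id + b"<cose-key>"

if __name__ == "__main__":
    sample = make_auth_data("example.test", ZERO_AAGUID, b"constructed-id")
    print(classify(sample, "none"), rp_accepts(sample, "none", True))
```

A relying party that wants the AAGUID to mean anything has to request attestation and verify the statement against the authenticator vendor's roots, which this sketch does not do.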