Hacker News new | ask | show | jobs
by greenicon 238 days ago
Passkeys cannot be phished.

Other than that they shouldn't have a big advantage for a more professional user with unique, long, and random passwords. For the common user it should be a great upgrade, giving all these advantages with better UX.
2 comments
ianburrell 238 days ago
Another is that passkeys are single login and sites don’t use 2FA. Not having to get out TOTP or receive SMS is worth it.

Basically, any site that does 2FA should take passkeys.

link
eviks 237 days ago
You can store 2fa in a password manager except for the dumb sms-bases ones, but that's still an extra step
link
eviks 237 days ago
Password autofill also provides that protection as it won't match on phishing domain
link