undefined | Better HN

0 pointspseudo02y ago0 comments

It cuts out the necessity for a password manager browser extension to handle stuff like autofill, password generation, etc. Those extensions have had fairly significant vulnerabilities in the past. So you're reducing the attack surface, as well as getting a cryptographic guarantee against phishing (the signature the client returns include the domain that sent the challenge).

Edit: The other great part is that the server just stores your public key, so it's idiot proof on their end. It makes a breach effectively useless, since offline cracking is impossible.

0 comments

nxicvyvy2y ago

Except now you have vendor, browser and device lock in. So password managers are required to solve those very real problems anyway.

The value of these seem very low. Passkeys are a solution looking for a problem.

Mayve 10 years ago before password managers became a thing they made more sense? Now they're just kind of annoying and hard to share (sharing passwords is a real need for many people /applications / services)

megous2y ago

You don't need browser extensions to use a password manager. You can just copy&paste.

Terr_2y ago

Except we're talking about protections against phishing, and as much as I love the clipboard it will paste anywhere you like, including definitely wrong and evil places.

ParetoOptimal2y ago

I would just not use a password manager if I had to do that honestly.

j / k navigate · click thread line to collapse