undefined | Better HN

0 pointsls61210mo ago0 comments

Don't passkeys still have tons of vendor lock-in attached? A password I can put into any password manager I want and transfer it to a different password manager and neither the password manager company nor the company for which I made the account is any the wiser.

0 comments

taeorg7410mo ago

Some PW managers can store a passkey, but when tied to a device, if the device is compromised then all of your accounts are unless you're also using a yubikey or third device 2fa

udev409610mo ago

I was talking about a self-hosted OIDC provider to avoid a vendor lock in. You can transfer passkeys from vaultwarden to any other password managers

ls612OP10mo ago

I could be wrong or misinformed, but I thought part of the passkey spec included some kind of remote attestation mechanism to facilitate vendor lock-in (ie Google could say its account passkey is only valid if stored in Chrome's password manager, to make up a silly example).

j / k navigate · click thread line to collapse