undefined | Better HN

0 pointspalata9mo ago0 comments

Are you saying that it's not always possible to import/export passkeys because you can manage them with some program that doesn't allow it, but the same is not true for passkeys?

Counter-example: I can write a password manager that will not allow you to export/import passwords.

0 comments

valenterry9mo ago

No, that's not what I meant.

There are cases where bitwarden doesn't work but chrome for example does. Easy to Google up.

For passwords however, I never heard of a case where a website only accepts passwords from a specific password manager - and how could they even do that right?

palataOP9mo ago

I don't think your reasoning holds. You say "I know situations where one passkey client works with some websites and not others, but I don't know situations where a website works with some clients and not others".

If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?

valenterry9mo ago

> but I don't know situations where a website works with some clients and not others

For example: https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselec...

> If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?

Unfortunately not...

palataOP9mo ago

> For example: [...]

Those sound like requirements similar to those that can be enforced with passwords. My company enforces an SSO system with an MFA scheme that is controlled by the IT department. I can use my password manager for the password part, but I must use the mandatory MFA app.

In that sense, I am not sure it is so different from passkeys?

1 more reply

j / k navigate · click thread line to collapse

0 comments

valenterry9mo ago

No, that's not what I meant.

There are cases where bitwarden doesn't work but chrome for example does. Easy to Google up.

For passwords however, I never heard of a case where a website only accepts passwords from a specific password manager - and how could they even do that right?

palataOP9mo ago

If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?

valenterry9mo ago

> but I don't know situations where a website works with some clients and not others

For example: https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselec...

> If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?

Unfortunately not...

palataOP9mo ago

> For example: [...]

In that sense, I am not sure it is so different from passkeys?

1 more reply

j / k navigate · click thread line to collapse