I'm a bit of a curmudgeon about this.
Until service providers are no longer allowed to:
1) force the type of passkey stores used (e.g. hardware vs software) when I am providing the passkey store
2) force me to MFA (e.g. forcing Touch ID, entering a PIN or unlock password, etc.) when attempting to use a passkey
I'll continue to stick to plain old boring password + TOTP. I fully understand the security trade-offs like phishing resistance, but password + TOTP is secure enough for me.
Many/all? also need to have some form of manual input as a backup, so you're not forced to sync all your passwords to e.g. a library's computer just to log in, if your house burns down or something.
Which probably looks a lot like a password.