How tf are you supposed to provide working authentication without storing the email somewhere? Should I just disable password resets and tell the users to fuck off if they forget theirs? Can't even use passkeys as they make users identifiable too.
Users need to have hard memorization or a record of a passphrase, same as a crypto wallet. Or just use web3 for auth, that can work well if users have decent opsec.
That’s a trade-off if you don’t want the service to know who you are.
How do passkeys make users identifiable beyond being a random token? I recall FIDO shared hardware key serial numbers with websites, but at least on Firefox, it prompts you to deny it.