Hacker News

CodesInChaos, today at 8:28 PM (3 replies)

> passkeys, the modern way to handle login that gets rid of password resets entirely

Doesn't that just trade password resets for passkey resets? Or do they permanently lock out users who lose their passkey?


Replies

port11, today at 8:40 PM

Passkeys cannot be cryptographically reset, but plenty of providers have account recovery flows in case you lose your passkey. Without a recovery mechanism you’d be technically locked out, that’s true.

iknowstuff, today at 8:36 PM

Yeah you just allow setting a new passkey by sending an email link, just like password resets. Passkeys don't have to be remembered, can't be phished, and don't need 2FA.

Fire-Dragon-DoL, today at 8:33 PM

The second one