undefined | Better HN

0 pointsGroxx2y ago0 comments

Yep, this is why I don't use passkeys.

I tried. The power-grabbing garbage was immediately apparent and sent me straight for "heck no, I'll just use passwords until they figure this out, at least that can't control my password manager".

In principle I should be very in favor of them, but the wild variety of lack of support for basics, and the built-in-the-spec ability for site X to control how I store and sync stuff is utterly bonkers. It's feeling like the OpenID promise -> OAuth platform lock-in cycle all over again, but compressed into v1.

0 comments

sroussey2y ago

I use 1Password which supports Passkeys, and don’t have an issue across mobile or desktop.

I don’t get what the issues people have really are. I never experience them (fortunately!).

MrDrMcCoy2y ago

1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account, leaving you high and dry. Self-hosted, multi-device password managers are the only real solution. Thankfully, Vaultwarden and KeePassXC fill this role perfectly.

Now if we could just get the other providers that require insecure email/SMS 2FA to follow suit, that would be great...

ceinewydd2y ago

I’m really not sure the “only real solution” is every human needs to selfhost a password manager. That’s ill-advised; an extreme take.

The vast majority of the population will do a worse job on the availability and security of a selfhost solution than 1Password, whose core business and value proposition is password management.

I’m a very happy user of 1Password for Families and consider it the likely the best ~$50 a year that I spend on hosted technologies.

recursive2y ago

I'm a happy user of 1password also. But I'm not touching passkeys until they let me export them. Last time I checked, it was a platform lock-in.

2 more replies

MrDrMcCoy2y ago

I disagree. While Vaultwarden may be a bit much to ask of the unwashed masses, the storage model of KeePass* is very easy to understand and works with any existing file synchronisation solution, which almost everyone already has at this point. The effort is nearly as low as with a cloud hosted solution, and the value/safety proposition is quite high.

patrakov2y ago

I also think that the "self-hosted" requirement is an over-reach. It would be sufficient to require some standardized commodity that can, in principle, be self-hosted, but is available in an equivalent form from multiple unaffiliated third parties. E.g., a WebDAV folder.

sroussey2y ago

Agreed. I self hosted the key 100 bitcoin in like 2010. Machine crashed. Oops.

5 more replies

arthur_sav2y ago

> 1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account

They used to offer their apps offline and you could "host" it anywhere. Venture Capital ruined them.

generalpf2y ago

Having the passwords in the cloud is useful though. Before, if you wanted to use your vault across multiple machines, you had to store your vault in someone else’s cloud. This simplifies the process.

1 more reply

signal112y ago

And KeePass XC supports passkeys too[1]. Although I’ve not had a chance to try that out yet.

[1] https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys

freeAgent2y ago

Your vault is stored locally on each device, so if they decide to shut down you just export locally, import somewhere else and move on. It’s not as big of a deal as you seem to be implying.

skinkestek2y ago

I wonder if BitWarden doesn't support passkeys too.

BitWarden is open source to a large degree and even provides an (open source) server for self-hosting.

yaleman2y ago

It does, works great. Not sure about vaultwarden's support for it though.

1 more reply

gcr2y ago

For others reading this thread, looks like KeePassXC announced passkey support last October!

Does it work well?

Hnrobert422y ago

No they can’t. You have a local cache. Also, you can export and backup if you are really worried.

briffle2y ago

Bitwarden supports passkeys, is open sourced, and can be self hosted.

MrDrMcCoy2y ago

Vaultwarden is a much simpler self-hosted Bitwarden.

j / k navigate · click thread line to collapse

0 comments

sroussey2y ago

I use 1Password which supports Passkeys, and don’t have an issue across mobile or desktop.

I don’t get what the issues people have really are. I never experience them (fortunately!).

MrDrMcCoy2y ago

Now if we could just get the other providers that require insecure email/SMS 2FA to follow suit, that would be great...

ceinewydd2y ago

I’m really not sure the “only real solution” is every human needs to selfhost a password manager. That’s ill-advised; an extreme take.

The vast majority of the population will do a worse job on the availability and security of a selfhost solution than 1Password, whose core business and value proposition is password management.

I’m a very happy user of 1Password for Families and consider it the likely the best ~$50 a year that I spend on hosted technologies.

recursive2y ago

I'm a happy user of 1password also. But I'm not touching passkeys until they let me export them. Last time I checked, it was a platform lock-in.

2 more replies

MrDrMcCoy2y ago

patrakov2y ago

sroussey2y ago

Agreed. I self hosted the key 100 bitcoin in like 2010. Machine crashed. Oops.

5 more replies

arthur_sav2y ago

> 1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account

They used to offer their apps offline and you could "host" it anywhere. Venture Capital ruined them.

generalpf2y ago

1 more reply

signal112y ago

And KeePass XC supports passkeys too[1]. Although I’ve not had a chance to try that out yet.

[1] https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys

freeAgent2y ago

Your vault is stored locally on each device, so if they decide to shut down you just export locally, import somewhere else and move on. It’s not as big of a deal as you seem to be implying.

skinkestek2y ago

I wonder if BitWarden doesn't support passkeys too.

BitWarden is open source to a large degree and even provides an (open source) server for self-hosting.

yaleman2y ago

It does, works great. Not sure about vaultwarden's support for it though.

1 more reply

gcr2y ago

For others reading this thread, looks like KeePassXC announced passkey support last October!

Does it work well?

Hnrobert422y ago

No they can’t. You have a local cache. Also, you can export and backup if you are really worried.

briffle2y ago

Bitwarden supports passkeys, is open sourced, and can be self hosted.

MrDrMcCoy2y ago

Vaultwarden is a much simpler self-hosted Bitwarden.

j / k navigate · click thread line to collapse