undefined | Better HN

0 pointslovethevoid1y ago0 comments

Your keys are in your password manager of choice, you can create one per service+manager (eg. your google account can have one passkey using iCloud Keychain, and another one using bitwarden). If you lose access to your PM, the other recovery processes would take place.

It might help your mental model to think about them as identical to hardware security keys. Except now you don't need to buy a specific hardware key, your password manager is it. You can also just use your hardware key as your passkey, same thing (as long as the key supports FIDO2).

Specifically for your question on what happens if you lose face/fingerprint sensor. So this would be assuming you use Android/iOS's password managers, in that case even with biometrics failing you can just use the code you set on your device as both have fallbacks.

0 comments

2 comments · 2 top-level

miki1232111y ago

Why did we need a new standard for this, exactly?

Couldn't we just make password managers pretend that they're a Jubikey or similar?

Is it that Jubikeys don't offer any extra (master password / biometric) authn, and hence are only suitable as a second factor, where password managers can be used as both?

jms7031y ago

Good explanation, IMO.

j / k navigate · click thread line to collapse