undefined | Better HN

0 pointssam_lowry_4mo ago0 comments

That's an implementation detail users should not care about.

The bigger question is... why don't we replace the login/password combination with just a string of randomly generated characters and call it a day?

Why protect these strings of random characters from users, call them passkeys and advertise them on all street corners?

Feels like a devil's plot to strip us from all the rights to our devices.

0 comments

public/private keypairs (and therefore passkeys) provide cryptographically secure anti-phishing properties that passwords cannot.

j / k navigate · click thread line to collapse

0 pointssam_lowry_4mo ago0 comments

That's an implementation detail users should not care about.

The bigger question is... why don't we replace the login/password combination with just a string of randomly generated characters and call it a day?

Why protect these strings of random characters from users, call them passkeys and advertise them on all street corners?

Feels like a devil's plot to strip us from all the rights to our devices.

public/private keypairs (and therefore passkeys) provide cryptographically secure anti-phishing properties that passwords cannot.

j / k navigate · click thread line to collapse