Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not really, to some extent some amount of collateral damage is necessary for a free and open society. I don't want to live in a nanny state that decides everything for me.

But somehow the same people arguing for ultimate freedom and OSS are also arguing for centralization of passwords into corporate controlled infrastructure.

I'm somewhat at a loss on how to argue on these issues. You want to hand over control over your key infrastructure to big tech and you want the average population to do that as well? Go ahead. Most people on iPhones already use sign in with Apple with apples 2FA system anyway it won't matter to them.

But why encroach on me and force me to use it to protect me from myself?



You can always use a FIDO2.1 key as a passkey, they're not tied to the big tech. I don't even have a smartphone and have been using them on the couple of sites that support passkeys just fine.

We will also have at least one open software implementation when this gets merged:

https://github.com/keepassxreboot/keepassxc/pull/8825

There are braindead implementations like PayPal's:

https://www.paypal.com/us/cshelp/article/what-are-paypal-pas...

that force you to use Android or iOS, but it's nothing new, they manage to fuck up everything they touch (for example, U2F 2FA only supports registering one hardware key and it has been that way for years).


What part of Passkeys is "centralization of passwords into corporate controlled infrastructure"?

"Big Tech" does not control Passkeys beyond the work on the underlying WebAuthn spec https://www.w3.org/TR/webauthn-2/, and that they develop implementations of that spec.


Because users who lost account because of lack of 2FA usually require attention and support resources. It’s easier to require more security than to figure out if this is a legitimate user who is trying to get access.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: