
>> Passkeys are unique, so no more password stuffing attacks.

> Just like passwords. What is the difference?

>> Passkeys can't be too short, in contrast to passwords

> So a "long password" is a "passkey"?

Of course not.

Passkeys are effectively just key pairs defined by a FIDO standard. It’s much more productive to think of passkeys as mutual certificate authentication designed for use by the masses.

If you’ve ever used a Yubikey for primary authentication, you’ve already used a passkey.



The issue is tying it to a device that can be easily lost. Yubikeys can be easily hidden and are not thief magnets.


Yep, you ideally don’t have your only key/copy of the key on any one device.

That’s why the mainstream implementations are synced. Or why you have an extra Yubikey.



