
Which user/comment are you referring to? The top-level comment? I'm the person you replied to initially, and that's not what I said, so I'm assuming you're referring to something else.


passkeys stored in a password manager aren't any more secure in practical terms than random passwords stored in a password manager

It is my contention that this statement is:

1. Categorical,

2. False, and

3. Categorically false


And you would be wrong. You somehow jumped from "in practical terms" to "literally equivalent".


They are not comparable in practical terms.


Maybe, maybe not. You went out of your way to attack a straw man instead of showing any of that. So why should I believe you now?


I have no idea who you are, am comfortable with who does and does not believe me here, and think you should do you. But no: the two approaches do not offer comparable practical security.

From the questions and comments across the rest of this thread, the misunderstanding here seems clear: the person I'm responding to did not realize that FIDO2 cryptographically binds credentials to sites.
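Added example, not part of any comment in this thread: a sketch of the site-binding checks a WebAuthn relying party runs on a login assertion, which a password has no equivalent of. The names `make_assertion` and `check_binding` and the domains are constructed for illustration, and verification of the authenticator's signature (which covers these same bytes) is omitted because it needs a crypto library.

```python
import base64, hashlib, json, struct

RP_ID = "example.com"                    # constructed relying party ID
EXPECTED_ORIGIN = "https://example.com"  # constructed expected origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what the browser and authenticator produce.
    The browser, not the page's script, fills in the origin."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    flags = 0x05  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 1)
    return client_data, auth_data

def check_binding(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the failed binding checks (empty list = all pass)."""
    failures = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    if cd.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if cd.get("challenge") != b64url(challenge):
        failures.append("challenge")
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    elif not auth_data[32] & 0x01:
        failures.append("user-present flag")
    return failures

if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server uses fresh random bytes
    genuine = make_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    other = make_assertion("https://examp1e.test", "examp1e.test", challenge)
    print("same site: ", check_binding(*genuine, challenge))
    print("other site:", check_binding(*other, challenge))
```

An assertion produced on any other origin fails the origin and rpIdHash checks even when the challenge is the one the real site issued, whereas a password submitted on another origin is the same string the real site accepts.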



