I don't trust passkeys, and yet so far, I'm not bothered by them. This is becaus... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

skybrian on April 26, 2024 | parent | context | favorite | on: Passkeys: A shattered dream

I don't trust passkeys, and yet so far, I'm not bothered by them. This is because I use them as an additional way to log in.

The other day I noticed that for some reason GitHub couldn't seem to find my Android passkey. Weird. So I logged in using my Yubikey and recreated it.

But this would be a lot worse if it were your only way of logging in. Always have multiple authentication methods for important accounts.

sedatk on April 26, 2024 [–]

You can have multiple passkeys (using different devices or passkey providers) for a single site too. You don't need to fall back to another login mechanism.

skybrian on April 26, 2024 | [–]

Yep, that too. It's especially convenient if you have both iOS and Android since you can easily log in using either.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact