Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Passkeys cannot be phished.

Other than that they shouldn't have a big advantage for a more professional user with unique, long, and random passwords. For the common user it should be a great upgrade, giving all these advantages with better UX.



Another is that passkeys are single login and sites don’t use 2FA. Not having to get out TOTP or receive SMS is worth it.

Basically, any site that does 2FA should take passkeys.


You can store 2fa in a password manager except for the dumb sms-bases ones, but that's still an extra step


Password autofill also provides that protection as it won't match on phishing domain




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: