Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A passkey is a synced, discoverable WebAuthn credential. While many implementations protect the private keys with additional security measures like secure enclaves or TPMs, it's not required. If you want to use an implementation that doesn't use those types of lock-ins, even when they're there to protect your credentials, you can. Multiple software-only implementations exist.


Until they start trying to enforce attestation. Then your only choice will be giving a large corporation control over your online access.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: