It is absolutely unfair to say it. Just like passwords stored in a password manager, passkeys can be...

simoncion • yesterday at 10:11 AM • 1 reply • view on HN

It is absolutely unfair to say it. Just like passwords stored in a password manager, passkeys can be copied out of the device for safekeeping. Because you can copy them out, a user can be induced to give them to someone.

I saw passkey boosters go very, very rapidly from "Passkeys are immune to phishing!" to "Passkeys are phishing resistant!" when lots of real-world people started using passkeys and demonstrated that you absolutely must have a way to back them up and move them around.

Replies

lxgr • yesterday at 10:13 AM

> passkeys can be copied out of the device for safekeeping

You can't copy them out on at least the iOS, Android, and (to my knowledge) Windows default implementations.

> lots of real-world people started using passkeys and demonstrated that you absolutely must have a way to back them up and move them around.

Millions of people use them without being able to move them around in the way you describe.

➕ show 1 reply

alt Hacker News

Replies