Please, please, please stop using passkeys for encrypting user data
14 points by timmyc123
by markhahn
0 subcomment
Maybe I'm not getting it. Doesn't the problem start with ever deleting a passkey?
That is: how do you ever know you don't need it anymore?
Also, what is the alternative? Just a password that you store in the vault? Seems like deleting those gets you back to the same place (with all the disadvantages of a plain password).
by code-e
2 subcomments
What's the difference between keeping a passkey in Bitwarden, and just using a password, also in Bitwarden?
by apothegm
2 subcomments
Not to mention the challenges when (gasp!) a single user uses more than one device. Like, yes, some of us have both desktop computers and phones, thanks for asking.
This is why I refuse to let most sites set me up with passkeys. I’m considering making exceptions for the ones that usually get this stuff right (like GitHub).