pabs3 8 hours ago
KeePassXC has exportable passkeys, so you can avoid the stolen case at least.
8cvor6j844qw_d6 4 hours ago
> exportable passkeys

But didn't the author hint that this could get blocked? My general read on passkeys and their implementers is that exportability is seen as a risky feature, and there's a push to make it as opaque as possible, likely through attestation or similar mechanisms.

[1]: https://github.com/keepassxreboot/keepassxc/issues/10407
hollow-moe 4 hours ago
Too bad the spec is stupid and requires password managers to be identifiable so servers can deny the "insecure ones". It's already a pain to use KeePassXC for OTP since they all want you to use their apps, but it's still doable (the worst offender being Steam, where you have to hack your own app to extract the OTP secret). With passkeys you won't have a choice to use The Google Authenticator™ etc. because eventually some exec will find they can block every provider except their own to boost app download KPI. I really like the concept of passkeys, the simple fact of using asymmetric keys is so much better than giving the secret to prove you have it, but the spec is hostile and thought for vendor closing.