flumpcakes | 21 days ago

I'm a big fan of passkeys, but they are currently harder to manage/reason about than passwords (even autogenerated ones stored in a password manager).

My web browser wants to own the passkeys, my OS wants to own the passkeys, and I have to deny them before I can get to my hardware key. Some providers will sync passkeys amongst devices, which at some point seemed to be against the spec.

It's all rather confusing. I wish there was a straightforward best practice that can be followed without the niggling worry that you're doing it wrong, or that you might get locked out of services.

ianburrell|21 days ago

Storing passkeys in password managers is the best option. It isn't as secure as hardware tokens, but it solves the problem of managing multiple keys and losing the tokens.

Passkeys are better passwords since they are not vulnerable to phishing, and it makes sense to store better passwords in a password manager.