
So in order to access a service your access device has to have a secure enclave that can enact this crypto?


Or you can use an external hardware security key; the latest versions of most security keys (like YubiKey 5, Nitrokey 3, etc) support Passkeys. Passkeys are basically just U2F 2.0, allowing you to use an asymmetric key pair as the first factor instead of the second.


Thanks for that. YubiKey notes that you cannot copy passkeys (this is good!), but now I'm wondering if I can have multiple passkeys (for a backup key)...


That's up to each service to implement, but so far all the sites I use with Passkeys have my two YubiKeys registered.


It depends on the implementation, but I think that's the general idea. https://developer.android.com/privacy-and-security/keystore for Android, for example.


Most modern devices do contain a hardware-based Secure Enclave.

Because the technology is newish I would do some research before using it for anything really important.


> Most modern devices do contain a hardware-based Secure Enclave.

So like Intel's SGX was so secure until it was not?


If my setup is secure enough that someone has to break SGX on my laptop to beat it, that's good enough for me. What is your threat model anyway?


You have to start somewhere.



