Passkeys are highly phishing resistant in a way that passwords are not and are n... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		johnmaguire 3 months ago \| parent \| context \| favorite \| on: The cryptography behind passkeys Passkeys are highly phishing resistant in a way that passwords are not and are not subject to credential reuse (though password managers somewhat solve the first problem and almost entirely solve the latter problem.) In effect, though, 1Password is both something you have (the device with 1P logged in, login requires a Security Key that you don't memorize) and something you know (the master password) or are (typically biometrics can be used to unlock for a period after entering the master password.)

jcattle 3 months ago [–]

How do Password managers solve phishing issues? Even just somewhat?

josephcsible 3 months ago | [–]

Your password manager will autofill your credentials on the real site but not on a phishing site.

jcattle 3 months ago | | [–]

Ah true. Didn't think of that. Good point

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact