this post was submitted on 05 Aug 2025
36 points (89.1% liked)
Hacker News
2323 readers
342 users here now
Posts from the RSS Feed of HackerNews.
The feed sometimes contains ads and posts that have been removed by the mod team at HN.
founded 11 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The goal is basically to prevent end users from using weak passwords and to make it much harder for phishing to occur, both of which IMO are kind of necessary. The vendor lock-in and the slow development of FOSS implementations are not great though. It's also not great how passkey support on at least Android seems to require proprietary blobs.
...will no longer be a problem, thanks to this
https://fidoalliance.org/specifications-credential-exchange-specifications/
Here's a video of the FIDO Alliance Executive Director & CEO, Andrew Shikiar, talking about those specifications. https://youtu.be/4gdc9p9KyQk?t=846
Bitwarden / Vaultwarden are OSS and work fantastic across all my devices. IMO it's more convenient than passwords now, ESPECIALLY if you'd have to enter a 2fa code as well.
IIRC it took them a little while to add support, but I was more thinking of stuff like KeePass. KeePassXC has passkey support, but AFAIK none of the Android apps do yet (although it sounds like KeePassDX is getting close, finally). Also, when I was using Bitwarden, I had issues with some services not liking its passkey implementation (despite being fine with Proton Pass for whatever reason). May be fixed now, but it was incredibly annoying at the time.
Hm, yes, that sounds annoying indeed. Maybe I just have not encountered such an app/site yet, but louckily, the bitwarden integration has been working flawlessly for me.