The cryptography behind passkeys

Vendor lock-in, portability, and exports

  • Many commenters like passkeys’ UX but strongly distrust the ecosystem lock-in, especially Apple/Google/OS-bound implementations.
  • Open-source password managers (Bitwarden, KeePassXC, Strongbox, Vaultwarden, etc.) are praised for storing and syncing passkeys in user-controlled ways, sometimes including plaintext export of key material.
  • That same exportability is controversial: spec authors have warned that clients enabling raw key export could be blocked by websites via attestation, which several see as hostile to user freedom.
  • FIDO is drafting an official “Credential Exchange” import/export standard, but people worry vendors will disable exports “for security” to preserve lock-in.

Attestation, security vs freedom

  • Attestation (proving the authenticator type/vendor) is viewed as both the “best” and “worst” feature.
  • Enterprises want it to enforce hardware-backed, non-exportable keys (e.g., TPM/FIPS devices) and eliminate separate MFA flows.
  • Privacy- and freedom-minded users fear attestation will be used to ban open-source clients, exclude rooted/alt-OS devices, and centralize control.
  • Apple’s consumer passkeys reportedly avoid attestation (empty AAGUID), which some see as a partial privacy safeguard.

Backups, recovery, and hardware keys

  • Hardware tokens (YubiKeys, smartcards, even crypto wallets) are valued for strong, non-exportable security but criticized for poor backup stories (no cloning, manual multi-key enrollment).
  • People debate strategies: multiple keys (local/remote), spreadsheets to track enrollments, safety-deposit storage, or relying on vendor cloud-sync.
  • A recurring fear: house fire / device loss leading to irreversible lockout vs. weaker—but recoverable—mechanisms like email/SMS recovery.

Security benefits vs passwords/TOTP

  • Passkeys are praised for site binding (phishing resistance), no credential reuse, and no secret being stored server-side.
  • Critics note that for users already using strong, unique passwords in a good manager with domain-locked autofill, the marginal benefit is smaller.
  • Long debate over TOTP: still phishable and often stored in the same vault as passwords, but dramatically reduces damage from server leaks and credential stuffing.
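Added example, not from the discussion: a relying-party check in Python (stdlib only) that parses WebAuthn authenticatorData, verifies the RP ID hash that gives passkeys their site binding, and applies the kind of AAGUID allow-list an enterprise attestation policy implies, treating the all-zero AAGUID mentioned above as "no attestation". The authenticatorData, credential ID, and AAGUID values are constructed placeholders; the COSE key and the attestation signature are not decoded or checked here.

```python
import hashlib
import struct

# WebAuthn authenticatorData layout (constructed sample built below):
#   rpIdHash (32) | flags (1) | signCount (4, big-endian)
#   | attestedCredentialData: AAGUID (16) | credIdLen (2) | credId | COSE public key
FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40
ZERO_AAGUID = bytes(16)  # sent when the authenticator/client declines to identify the model

def parse_auth_data(auth_data: bytes) -> dict:
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    out = {"rp_id_hash": rp_id_hash, "flags": flags, "sign_count": sign_count}
    if flags & FLAG_AT:
        out["aaguid"] = auth_data[37:53]
        (cred_len,) = struct.unpack(">H", auth_data[53:55])
        out["credential_id"] = auth_data[55:55 + cred_len]
        out["cose_key"] = auth_data[55 + cred_len:]  # CBOR-encoded; not decoded here
    return out

def check_registration(auth_data: bytes, expected_rp_id: str, allowed_aaguids=None) -> list:
    """Return policy findings for a registration; an empty list means it is acceptable."""
    parsed = parse_auth_data(auth_data)
    findings = []
    # Site binding: the authenticator hashed the RP ID it actually spoke to,
    # so a credential minted for a look-alike domain fails this comparison.
    if parsed["rp_id_hash"] != hashlib.sha256(expected_rp_id.encode()).digest():
        findings.append("rpIdHash mismatch: credential bound to a different RP ID")
    if not parsed["flags"] & FLAG_UP:
        findings.append("user presence flag not set")
    if not parsed["flags"] & FLAG_AT:
        findings.append("no attested credential data in registration")
        return findings
    if allowed_aaguids is not None:  # enterprise-style policy; consumer RPs pass None
        if parsed["aaguid"] == ZERO_AAGUID:
            findings.append("AAGUID is all zeros: authenticator withheld its model (no attestation)")
        elif parsed["aaguid"] not in allowed_aaguids:
            findings.append("AAGUID not on the allow-list")
    return findings

def build_sample(rp_id: str, aaguid: bytes) -> bytes:
    """Constructed authenticatorData for a registration (not a real capture)."""
    cred_id = b"\x11" * 16
    cose_key = b"\xa5\x01\x02"  # truncated CBOR stand-in, unused by the checks above
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([FLAG_UP | FLAG_UV | FLAG_AT]) + struct.pack(">I", 1)
            + aaguid + struct.pack(">H", len(cred_id)) + cred_id + cose_key)

if __name__ == "__main__":
    enterprise_policy = {bytes.fromhex("00112233445566778899aabbccddeeff")}  # placeholder AAGUID
    print(check_registration(build_sample("example.com", ZERO_AAGUID), "example.com", enterprise_policy))
    print(check_registration(build_sample("example.com", ZERO_AAGUID), "example.com"))
```

The same zero-AAGUID registration is rejected under the allow-list policy and accepted when no attestation policy is applied, which is the trade-off the attestation thread describes.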

Usability, DX, and real-world deployments

  • Some report smooth cross-device use with 1Password/Bitwarden and platform passkeys; others describe extremely flaky UX, especially when phone-as-authenticator flows, Bluetooth, and multiple networks are involved.
  • One implementer rolled back a passkey deployment after widespread support issues; TOTP, while imperfect, remained supportable with well-understood failure modes.
  • Complexity of error handling, recovery paths, and multi-device setups is seen as a major barrier to broad, supported rollouts.

Adoption, tooling, and open questions

  • Perceived traction is mixed: widely integrated on Apple platforms and major sites, but Linux/alt-OS support and CTAP2 “use your phone” flows are still patchy.
  • Some users avoid passkeys entirely until vendor-neutral import/export and open-source-friendly paths are clearly standardized and socially accepted.
  • Technical questions remain about sync “root-of-trust” key strength (especially with low-entropy device PINs) and how exactly TLS/session state interacts with passkey challenges behind CDNs and load balancers.