> Many services I use that do support WebAuthN allow either variant The problem ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tgsovlerkhgsel 41 days ago | parent | context | favorite | on: A Tour of WebAuthn

> Many services I use that do support WebAuthN allow either variant

The problem with "many" is that unless it's 100% of the ones someone cares about, the solution can't really solve the problem, adding an additional pain in the ass and making it easier to just stick with passwords.

Sometimes, a lack of choices is a feature. (Compare e.g.: IPSec vs. Wireguard).

lxgr 41 days ago [–]

How so? You can use the exact same password manager for both.

> Sometimes, a lack of choices is a feature. (Compare e.g.: IPSec vs. Wireguard).

HTTP vs. HTTPS seems like a more appropriate comparison in this context. Passwords and OTPs are really, really phishable.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact