Hacker News

Why should I be forced to upgrade? Non-resident keys also eliminate weak passwords and password reuse. Using resident keys only adds marginal improvement (i.e., you can plug in a key and the service knows which account it belongs to), and that doesn't seem like a good justification to deprecate all the existing authenticators in use today.


Maybe not for us, but for the vast majority of users, they'd pick not having to remember a username OR password for sure.


It’d also make pickpocketing a lot more lucrative if you can grab someone’s wallet and have immediate access to their bank account.


I had never considered this. Somewhat terrifying IF no biometric/pw attached. I expect most people will store on phone, thus it won’t be a huge issue.


Would this not lead back to "losing your phone = can't log in anymore = buy a yubikey"?


The number of existing old yubikeys is absolutely minuscule compared to the number of people who aren't using any keys yet.



