frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Passwords are okay, impulsive Internet isn't

https://www.dedoimedo.com/life/passwords-passkeys.html
3•brycewray•1y ago

Comments

palata•1y ago
Hmm... I see a rant against the state of software (bad software, AI diarrhea, ...) and TooBigTech having control over everything. I can agree with that, but it has nothing to do with the "passwords vs passkeys" question.

The rant against passkeys? I don't get it. Just like one can use a password manager controlled by TooBigTech or KeePass, one can use a passkey controlled by TooBigTech or a Yubikey. I find it great to authenticate directly with my Yubikey (over FIDO2) instead of using my Yubikey to decrypt a password and copying it in a form.

And then there is the part that is completely wrong about security. They say that they "can't trust their phone" so they don't want to keep the passkeys there. But that is not correct: if the passkeys are encrypted and the key is stored in a TPM, then that's effectively similar to having a security key (you have to trust the TPM, just as you have to trust the security key of course).

And then there is the nonsense:

> I can set up KeePass Portable on a USB key, run it in Linux via WINE, place it inside an encrypted VeraCrypt container, copy to any which file sharing service, if I want.

If the device where you enter the password is compromised, then the password will be compromised as soon as you enter it on that device. No matter how much you show off with your funny setup with WINE and VeraCrypt. A password manager doesn't protect against that, so passwords can be exfiltrated as they are used. Whereas a FIDO2 authentication requires the passkey every time. E.g. I need to physically touch my Yubikey for it to sign the challenge. It could be MitM, but it is visible ("I touched my Yubikey and it didn't work, what happened?").

Authenticating over FIDO2 with a security key is strictly superior to entering a password in a field, period.

Show HN: ScreenCI – Always up-to-date product videos from E2E tests

https://screenci.com/
1•ollipal•49s ago•0 comments

Reliability Issues with Jira and Confluence

https://jira-software.status.atlassian.com
1•amaccuish•1m ago•0 comments

LinguaHover – Hover Any Word, Translate Instantly – Chrome Extension

https://chromewebstore.google.com/detail/linguahover-translator-pr/dnkpfkopeeilpfgnehheceebamlcbcgc
1•titan_tokyo•4m ago•0 comments

Show HN: Mochi Analytics

https://www.mochianalytics.com
1•devtanna•6m ago•0 comments

Ask HN: Do you like your AI more than your coworker?

1•general_reveal•6m ago•0 comments

In the Weights

https://intheweights.com
1•dash2•8m ago•0 comments

Bounding the Blast Radius: A Survey of Prompt-Injection Defenses for LLM Agents

https://fabraix.com/blog/nobody-has-solved-prompt-injection
1•ibrahim_abdu777•10m ago•0 comments

What Happens When AI Agents Can Pay Their Own Bills

https://self-sovereign-agent.github.io/
1•_pdp_•15m ago•0 comments

Higher blood glucose levels linked to faster brain aging

https://medicalxpress.com/news/2026-07-higher-blood-glucose-linked-faster.html
1•XzetaU8•15m ago•0 comments

Supply Chain Attack Campaign PolinRider

https://socket.dev/supply-chain-attacks/polinrider
1•_____k•15m ago•0 comments

Poll: Is there an AI bubble?

1•networked•17m ago•1 comments

Generative AI without guardrail can harm learning:Evidence from high school math

https://www.pnas.org/doi/10.1073/pnas.2422633122
1•teleforce•17m ago•0 comments

Tribe in Colorado brings utility scale solar project online

https://www.npr.org/2026/07/06/nx-s1-5779756/despite-stiff-political-headwinds-tribe-in-colorado-...
2•geox•21m ago•0 comments

Claude Code deletes conversations after 30 days

1•mieubrisse•22m ago•0 comments

Adding Homemade TLS to a Homemade Web Server

https://www.dmytrohuz.com/p/adding-homemade-tls-to-a-homemade
1•dmyhuz•27m ago•0 comments

Euclid scientists discover most distant known quasars

https://www.euclid-ec.org/most-distant-quasars/
1•robin_reala•27m ago•0 comments

Ask HN: What is your go-to prompt to prove AI can be wrong?

1•throwaway_887•30m ago•0 comments

Ask HN: Do you guys struggle with finding a right person for your FDE role?

1•getelementbyiq•37m ago•0 comments

Experts offer advice on performing endurance events in excessive heat

https://news.northeastern.edu/2026/07/02/cycling-in-extreme-heat-tour-de-france/
1•ano-ther•38m ago•0 comments

Read Rust Like a Chinese Character

https://dawaba.pages.dev/writing/sometimes-read-rust-like-a-chinese-character/
1•saint-evan•39m ago•1 comments

A Self-Improving Code World Model Agent

https://jdsemrau.substack.com/p/a-self-improving-code-world-model
1•ph4rsikal•42m ago•0 comments

Show HN: Kiwi – Run agentic dev loops in the cloud, keep keys on your laptop

https://github.com/ibreakthecloud/kiwi
1•harshvkarn•43m ago•0 comments

Plex debuts 5-year membership pass for $250

https://arstechnica.com/gadgets/2026/07/250-used-to-get-you-a-lifetime-plex-pass-now-you-get-a-fi...
1•AndrewDucker•43m ago•0 comments

Australia prosecuting Amazon for unilaterally modifying Prime terms [video]

https://www.youtube.com/watch?v=DV2-GLJ2FnM
1•dataflow•46m ago•1 comments

Show HN: I built notion database based no code form builder

https://ndbforms.myurll.in/
1•nookeshkarri7•46m ago•0 comments

The Hitchhiker's Guide to Agentic AI

https://arxiv.org/abs/2606.24937
2•jonbaer•46m ago•0 comments

Show HN: TV Time to Serializd Importer

https://chromewebstore.google.com/detail/tv-time-→-serializd-impor/cpcfkgcidilfibakiaohbekkanlk...
1•Gooblebrai•47m ago•0 comments

your competitor is 10x better than you

https://www.mentionedby.world/
2•aykhanstoic•50m ago•1 comments

What else happened in 1776 [video]

https://www.youtube.com/watch?v=nGMCowI4exk
1•iansteyn•51m ago•0 comments

Venice AI becomes a unicorn with its privacy-first AI platform takes off

https://techcrunch.com/2026/07/01/venice-ai-becomes-a-unicorn-with-65m-series-a-as-its-privacy-fi...
2•felixdoerp•53m ago•0 comments