frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Passwords are okay, impulsive Internet isn't

https://www.dedoimedo.com/life/passwords-passkeys.html
3•brycewray•1y ago

Comments

palata•1y ago
Hmm... I see a rant against the state of software (bad software, AI diarrhea, ...) and TooBigTech having control over everything. I can agree with that, but it has nothing to do with the "passwords vs passkeys" question.

The rant against passkeys? I don't get it. Just like one can use a password manager controlled by TooBigTech or KeePass, one can use a passkey controlled by TooBigTech or a Yubikey. I find it great to authenticate directly with my Yubikey (over FIDO2) instead of using my Yubikey to decrypt a password and copying it in a form.

And then there is the part that is completely wrong about security. They say that they "can't trust their phone" so they don't want to keep the passkeys there. But that is not correct: if the passkeys are encrypted and the key is stored in a TPM, then that's effectively similar to having a security key (you have to trust the TPM, just as you have to trust the security key of course).

And then there is the nonsense:

> I can set up KeePass Portable on a USB key, run it in Linux via WINE, place it inside an encrypted VeraCrypt container, copy to any which file sharing service, if I want.

If the device where you enter the password is compromised, then the password will be compromised as soon as you enter it on that device. No matter how much you show off with your funny setup with WINE and VeraCrypt. A password manager doesn't protect against that, so passwords can be exfiltrated as they are used. Whereas a FIDO2 authentication requires the passkey every time. E.g. I need to physically touch my Yubikey for it to sign the challenge. It could be MitM, but it is visible ("I touched my Yubikey and it didn't work, what happened?").

Authenticating over FIDO2 with a security key is strictly superior to entering a password in a field, period.

"Stop Moralizing AirCon": How Institutions Shift Responsibility onto Individuals

https://jdjayne.substack.com/p/moralizing
1•theanonymousone•2m ago•0 comments

Google: Earthquake early warning system did not work properly in Turkey

https://www.heise.de/en/news/Google-Earthquake-early-warning-system-did-not-work-properly-in-Turk...
2•teleforce•4m ago•0 comments

9 Months of Agentic Development

https://www.benko.app/blog/9-months-of-agentic-development
1•dools•4m ago•0 comments

The 18-Months Deadline

https://adlrocha.substack.com/p/adlrocha-the-18-months-deadline
2•adlrocha•14m ago•0 comments

antiware-JS

https://www.npmjs.com/package/antiware-js?activeTab=readme
1•mohamed-medhat•17m ago•0 comments

Lisper.io

https://lisper.io.
1•rifflax•19m ago•1 comments

Learning Multi-Agent Coordination via Sheaf-ADMM

https://pub.sakana.ai/sheaf-admm/
1•hardmaru•23m ago•0 comments

LongCat-2.0

1•rika321•23m ago•0 comments

Show HN: A live badge that proves your SaaS runs on EU infrastructure

https://euroseal.pages.dev
1•robpus•26m ago•0 comments

Job descriptions got longer than CVS receipts

https://www.businessinsider.com/job-descriptions-longer-than-cvs-receipts-ai-2026-7
1•ilreb•28m ago•0 comments

Intuitive Quantum Electrodynamics

https://forwardscattering.org/page/Intuitive%20Quantum%20Electrodynamics
1•Ono-Sendai•28m ago•0 comments

Show HN: MM to Inches converter with fractional inch references

https://mm-to-inches.net
1•robot1996•33m ago•0 comments

Concentration of power in AI is a risk, by Andy Konwinski

https://xcancel.com/i/article/2072830533739192560
2•alecco•33m ago•0 comments

The "Collosophone"

https://pressforsound.com/tag/collosophone/
1•Eridanus2•35m ago•0 comments

AWS Lambda MicroVMs: The Compute Nobody Asked For?

https://www.confessionsofadataguy.com/aws-lambda-microvms-the-compute-nobody-asked-for/
1•nosky•36m ago•0 comments

8 Comprehensive WebSite Health Check Ups

https://urlwatch.io/
2•mssblogs•40m ago•0 comments

Claude Design System Prompt

https://github.com/Trystan-SA/claude-design-system-prompt
1•handfuloflight•46m ago•0 comments

Creed: Canonical Markdown File

https://creed.md/home
1•handfuloflight•48m ago•0 comments

Train SIM Created by Just One Person Is Being Called the Best Ever Made

https://kotaku.com/a-train-sim-created-by-just-one-person-is-being-called-the-best-ever-made-2000...
3•oumua_don17•49m ago•0 comments

Apocketlypse

https://0dd.company/galleries/triumph/1.html
10•scaglio•57m ago•1 comments

Surus Agentic Postgres Companion

https://github.com/Geometrein/surus
1•geometrein•57m ago•1 comments

Show HN: Super fast pipeline for finding specific paths across mills of domains

https://github.com/Kirill89/webcensus
1•k1r111•1h ago•0 comments

A Postmortem of an LLM Social Network

https://armx64.medium.com/emergence-without-understanding-a-postmortem-of-an-llm-social-network-9...
1•_pdp_•1h ago•0 comments

Show HN: Reactive Resume v5 – free, private, self-hostable resume builder

https://github.com/amruthpillai/reactive-resume
1•AmruthPillai•1h ago•0 comments

Arrest 0.2.1, an HTTP client with data validation

https://github.com/s-bose/arrest
1•s-bose•1h ago•1 comments

Letter addressed to 'woman in Cornwall shed' arrives at its correct home (2021)

https://metro.co.uk/2021/07/01/letter-addressed-to-woman-in-cornwall-shed-arrives-at-its-correct-...
1•joebig•1h ago•0 comments

Bad Epoll (CVE-2026-46242)

https://github.com/J-jaeyoung/bad-epoll
1•g0xA52A2A•1h ago•0 comments

A Theory of Arrays (ToA) Union Find

https://www.philipzucker.com/toa_unionfind/
1•g0xA52A2A•1h ago•0 comments

Web-based cryptography is always snake oil

https://www.devever.net/~hl/webcrypto
10•enz•1h ago•7 comments

Knowledge Should Not Be Gated

https://www.formaly.io/blog/knowledge-should-not-be-gated
2•nezhar•1h ago•0 comments