
I'd switch to passkeys immediately where possible, if Android/Google would allow third party password manager apps to provide and store them. Afaik they still want you to use the Google Password Manager, which is not an option for me.


3rd party passkey provider support is possible on Android if:

- You are using Android 14

- Your manufacturer has added support for it (e.g. Oppo and OnePlus still haven't)

- If you want to use them in Chrome, you need to enable the experimental feature at chrome://flags, search for "passkeys" and enable the feature for 3rd party (for Brave, just replace "chrome" with "brave")

Even with that, support may still be a bit buggy, such as:

- Chrome displaying the "Google Password Manager" logo instead of your password manager's one

- The app/website not understanding properly how to implement them and sending wrong values / sometimes invalid payloads

But let's hope this technology gains massive adoption, proper support and can help non-technical users benefit from increased security at (almost) no cost.

Disclaimer: work for a Password Manager


Oh, that's good news. I guess I wasn't up to date...


You can use any passkey provider app. I work at Bitwarden and we’re building mobile passkeys for Android right now. We can do the e2e sync, but if you want you can always self-host Bitwarden server and just use our clients app.


The Bitwarden passkey dialog irks me because it makes me click the passkey I want, even if I have exactly one. It would be better to have a feature where I could specify "always use this passkey and don't prompt", since that's what I need 99% of the time.


This has been annoying me as well: WebAuthn even provides metadata that lets authenticators know which credentials they're willing to accept, so at least in that case (usually the flows where you have to enter a username), auto-selection should be possible.

With discoverable credentials (which Passkeys by definition are), i.e. the flows where you don't even enter a username and the website learns it from the selected passkey, I don't think there's a way around a key selection process, but the UI can definitely be improved to distinguish the two.

Maybe something like "website XYZ is trying to verify your account 'username' – is that ok?" vs. "website XYZ wants to authenticate you – which passkey do you want to present to them (if any)"?
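
The two flows contrasted in the comment above, sketched as an added example (not part of the original thread and not Bitwarden's code): a provider can skip the picker when the request's `allowCredentials` list narrows to one stored credential, and has to ask when the list is empty. The function name, the `mode` values, and the sample vault are assumptions made for illustration.

```javascript
// Hypothetical provider-side selection logic; all names here are illustrative.
// Constructed sample vault: two passkeys for example.com, one for other.example.
const vault = [
  { rpId: "example.com", userName: "alice", id: Uint8Array.from([1, 2, 3, 4]) },
  { rpId: "example.com", userName: "alice-admin", id: Uint8Array.from([5, 6, 7, 8]) },
  { rpId: "other.example", userName: "alice", id: Uint8Array.from([9, 9, 9, 9]) },
];

// Credential IDs are byte strings; compare them by hex encoding.
const hex = (bytes) => Buffer.from(bytes).toString("hex");

// `options` mirrors two fields of WebAuthn's PublicKeyCredentialRequestOptions:
// rpId and allowCredentials (a list of { type, id } descriptors).
function chooseCredential(options, stored) {
  // Credentials are scoped to the relying party ID; never offer another site's.
  const forRp = stored.filter((c) => c.rpId === options.rpId);
  const allow = (options.allowCredentials || []).filter(
    (d) => d.type === "public-key"
  );

  if (allow.length > 0) {
    // Username-first flow: the site listed the credential IDs it will accept.
    const accepted = new Set(allow.map((d) => hex(d.id)));
    const matches = forRp.filter((c) => accepted.has(hex(c.id)));
    if (matches.length === 0) return { mode: "none", candidates: [] };
    // Exactly one match: a yes/no confirmation is enough, no picker needed.
    if (matches.length === 1) return { mode: "confirm", candidates: matches };
    return { mode: "pick", candidates: matches };
  }

  // Discoverable flow: empty allow list, the site learns the account from
  // whichever passkey the user presents, so the user is asked to choose.
  if (forRp.length === 0) return { mode: "none", candidates: [] };
  return { mode: "pick", candidates: forRp };
}
```
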


Good feedback, thanks! Will bring it up when I’m back at work.


Thanks! I also opened a feature request on the same thing a while ago.


This is such a big small thing.

Patiently waiting for passkey support on Bitwarden iOS to replace all my passwords everywhere.

Do you guys have any rough idea how far away you are from launch? Is it weeks? Months? Quarters?


I'm already seeing Bitwarden as an option for Passkey authentication on iOS! Apparently the app already exposes itself to iOS as a WebAuthn backend (or the API is the same as that used for password managers).

Unfortunately that API doesn't seem to be wired to anything in the app yet, so selecting it inevitably fails.


Very soon


Any TestFlight one can join to get in on an early beta?

I'm eager to give it a try.


Send an email to me at [email protected] and I’ll look into it!



