Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It doesn't matter how many different things have support for passkeys. Because they let websites do "attestation" of them, it won't be long until every major website is only allowing logins with passkeys blessed by Microsoft, Apple, or Google.


AFAIK Apple refused to implement attestation, so you can't realistically enforce it. Who knows how long that one is going to last, though.


It’s incorrect - Apple has in fact implemented attestation as can be seen in https://github.com/lbuchs/WebAuthn.


I'm not familiar with all this, but when I run the demo page (https://webauthn.lubu.ch/_test/client.html) on macOS 13.4.1 with Safari (Firefox doesn't work) I get "none" for the apple attestation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: