Passkeys and 2FA recovery codes are all just shitty replacements for passwords. ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dheera on Dec 26, 2024 \| parent \| context \| favorite \| on: A Tour of WebAuthn Passkeys and 2FA recovery codes are all just shitty replacements for passwords. Fight me. Grandmas and Joes end up putting these recovery codes in a Google doc because they don't know what the hell else to do with them. That is NOT more secure. Hell, even try explaining the difference between the "secret key" and the "password" in 1password to a non-technical person. It's impossible.

paulddraper on Dec 27, 2024 [–]

> That is NOT more secure.

"More" implies a comparison to something.

Given that Grandmas+Joes were using "passw0rd!" for all their passwords, I would argue their GDoc of backup codes is considerably more secure.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact