Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think there is a difference.

Sites usually have the user SEND their password to the site to authenticate. There is no need for sites to be written that way, but that is how they are written.

Passkeys cannot, by design, be sent to the site. Instead they use a challenge-response protocol.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: