Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

What happens if some websites don't allow you to add more than one passkey? Now, you need to keep track of which site has backup key, and which site doesn't have one. Also, the website needs to store multiple public keys now.


> What happens if some websites don't allow you to add more than one passkey?

Do you know of any which currently only allow one passkey?


I don't know about Passkeys specifically, but this is unfortunately common enough with WebAuthn rollouts.

I'm not sure if it's true anymore, but Twitter for years only supported a single WebAuthn token.


I think even Amazon does that too still, such a shame


If you’re referring to AWS, they added support for multiple MFA devices last year:

https://aws.amazon.com/blogs/security/you-can-now-assign-mul...

Amazon’s shopping site also lets you set up multiple devices, but I’m not sure when they added that.


No Webauthn support at Amazon.com whatsoever. It's mandatory SMS (you must provide a number and you can't say "I don't want this to be even a backup option") with optional TOTP.


Tailscale only allows one passkey it seems.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: