varjolintu commented on Don't use passkeys for encrypting user data   blog.timcappalli.me/p/pas... · Posted by u/zdw
tredre3 · 13 days ago
Is this really how password manager extensions work? They inject arbitrary JavaScript in every page you visit?

I would have naively thought that there'd be a better and safer API for it, considering that all browsers already have the infrastructure in place to handle login autocomplete.

varjolintu · 12 days ago
Yes. This is mandatory for all browser extensions. There's no API behind a separate permission, even if it would be the best way to handle this.
varjolintu commented on Don't use passkeys for encrypting user data   blog.timcappalli.me/p/pas... · Posted by u/zdw
Cyph0n · 13 days ago
The problem with passkeys is that they aren’t exportable (at least from Bitwarden).
varjolintu · 12 days ago
Actually, if you export your vault as JSON, the passkeys are there in plain-text.
varjolintu commented on Discord will require a face scan or ID for full access next month   theverge.com/tech/875309/... · Posted by u/x01
mmlkrx · a month ago
They are planning on doing something similar:

Discord is also rolling out an age inference model that analyzes metadata like the types of games a user plays, their activity on Discord, and behavioral signals like signs of working hours or the amount of time they spend on Discord.

“If we have a high confidence that they are an adult, they will not have to go through the other age verification flows,”

varjolintu · a month ago
I'm curious to know what this "model" actually means. A real-time AI monitoring for conversations?
varjolintu commented on Passkeys: They're not perfect but they're getting better   ncsc.gov.uk/blog-post/pas... · Posted by u/ashergill
josephcsible · 4 months ago
> I read about Passkey committee being against open source passkey managers during start of this year (can't reference it, sorry) but with open source password/key managers already supporting passkeys, I don't think it turned out to be true.

Here's an Okta employee threatening to use the attestation (anti)feature of passkeys to block open-source implementations, because they allow you to export your passkeys: https://github.com/keepassxreboot/keepassxc/issues/10407#iss...

varjolintu · 4 months ago
FYI: If you export your Bitwarden vault as plain JSON, passkeys are included in plain-text too. So, it works similarly to KeePassXC.
varjolintu commented on Passkeys and Modern Authentication   lucumr.pocoo.org/2025/9/2... · Posted by u/Bogdanp
unsnap_biceps · 6 months ago
The walls are going to come down. KeyPassX supports passkeys and allows you to export them as you wish. 1Password and Apple Passwords have both said they're going to support exporting and importing of passkeys.

Yes, it's awful during the transition period while the tech matures, but there is a path towards a great future.

varjolintu · 6 months ago
KeePassX is long dead, and it's not with "key" but with "kee" -> KeePassXC. Thank you :)
varjolintu commented on Japan's Creepiest Station   tokyocowboy.co/articles/d... · Posted by u/ewf
ape4 · 7 months ago
Can anyone translate the sign?
varjolintu · 7 months ago
ようこそ 日本一のモグラえき 土合へ Translates to something like: "Welcome to Doai, Japan's number one mole station (mogura-eki)".
varjolintu commented on FIDO Alliance publishes new spec to let users move passkeys across providers   fidoalliance.org/fido-all... · Posted by u/Terretta
varjolintu · a year ago
The worst thing about passkeys is how browser extensions must handle them: using JavaScript injections to the web page. Of course this means _any_ browser extension could do the same and be the man-in-the-middle inspecting the passkey creation and authentication. I'd be glad to have some kind of standard API behind a proper permission for handling passkeys.
varjolintu commented on Concerns about Passkeys   me.micahrl.com/blog/conce... · Posted by u/mrled
halJordan · 2 years ago
In general anyone can make a passkey app. Keepass chooses to be out of spec. No one is gatekeeping them. If an nginx server receives bad data it spits out a 400 error instead of processing the request. One of the reasons browsers are still effed up is because they refused to be standards compliant and were still paying for quirks mode. I would like to see this article complain about an HTTP server handling a bad actor.

Otherwise, create multiple passkeys. Create a passkey in your iOS keychain and in your Keepass app. This walled garden has a gate, walk through it.

varjolintu · 2 years ago
According to this list, the majority of the clients are out of spec: https://passkeys.dev/docs/reference/known-issues/

u/varjolintu

Karma: 295 · Cake day: June 26, 2017