Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Are you the author? If so I would love to talk with you more about your vision and goals.

I personally would like reusable keys, and I agree namespace or some other mechanism is needed.

I generally prefer to link my identity among websites and I'm generally not concerned about anonymity or privacy. "A key for each website" is nearly worthless to me.

The ability of others to spoof my identity because a website uses passwords, and most websites provide little to no logging, let alone a standardization, infuriates me. That is a outsized use case I see little attention given to.

If I tweet, users are forced to trust Twitter's authentication system that I tweeted. I don't trust Twitter's authentication systems.

Public key authentication permits third parties to verify my actions without the need to trust system authentication systems.



I too am interested in the small slice of the problem that is replacing passwords with something asymmetric. The rest is kinda out of scope IMO. OPAKE is cool but definitely not less complicated than WebAuthn and doesn't do anything related to solving phishing and tracking etc. either. Keys seem like a natural solution. WebAuthn is actually really good but browsers don’t yield enough control for people to use it in a portable identity style, which I also agree isn't the devil.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: