Hacker News

Mfa passkeys nni dwuma mfa nkora ɔdefo data so

Nsɛm a wɔka

18 min read Via blog.timcappalli.me

Mewayz Team

Editorial Team

Hacker News

Passkys yɛ nokwaredi nkɔso a ɛyɛ anigye sen biara wɔ mfe mu. Wɔyi phishing fi hɔ, yi passwords adesoa no fi hɔ, na wɔde osuahu a ɛnyɛ den a wɔde kɔ mu a wɔde public-key cryptography gyina akyi ma. Nanso adwene a ɛnteɛ a ɛyɛ hu retrɛw wɔ developer mpɔtam hɔ: sɛ passkeys yɛ cryptographic a, akyinnye biara nni ho sɛ wobetumi de encrypt user data nso. Wɔrentumi — na sɛ wobɔ mmɔden sɛ wode bedi dwuma saa a, ɛbɛma nhyehyɛe ahorow a ɛyɛ mmerɛw, a wontumi mfa ho nto so a ebetumi atoto w’adwumayɛfo no mu afi wɔn ankasa nsɛm mu daa. Nea enti a ɛte saa no ntease hwehwɛ sɛ yɛhwɛ nea passkeys yɛ ankasa, nea encryption hwehwɛ, ne baabi a abien no mu paapae wɔ akwan horow so a ɛho hia kɛse ma platform biara a edi adwumayɛ ho data a ɛho hia ho dwuma.

Authentication ne Encryption Yɛ Nnwuma a Ɛsono Ne Titiriw

Authentication bua asɛmmisa biako: "So woyɛ nea woka sɛ woyɛ?" Encryption bua soronko koraa: "So saa data yi betumi akɔ so ayɛ nea obiara ntumi nkenkan gye nnipa a wɔama wɔn tumi?" Saa ɔhaw abien yi kyɛ cryptographic primitives, nanso mfiridwuma mu ahwehwɛde ahorow no gu ahorow kɛse. Ɛsɛ sɛ authentication si pɛnkoro wɔ session biara mu, ebetumi agyina huammɔdi a ɛba bere ne bere mu denam graceful fallbacks so, na enhia sɛ ɛde output koro no ara ba bere biara. Encryption hwehwɛ deterministic, reproducible key access wɔ data no nkwa nna nyinaa mu — a ebetumi ayɛ mfe anaa mfe du du pii.

Sɛ wode passkey di adanseɛ a, wo device no yɛ cryptographic signature a ɛkyerɛ sɛ wokura private key a ɛbata wo account no ho. Server no di saa nsaano nkyerɛwee yi ho adanse na ɛma kwan ma wotumi kɔ hɔ. Bere biara nni hɔ a server no — anaa wo application no mpo — nnya kwan nkɔ private key material no ankasa so. Eyi yɛ ade bi, ɛnyɛ anohyeto. Passkeys ahobanbɔ nhwɛsoɔ no nyinaa gyina kokoam safoa no so a ɛnfiri wo mfiri no ahobanbɔ enclave no mu da. Nanso encryption hwehwɛ sɛ wode di dwuma safoa bi de sesa data, na akyiri yi wode saa safoa koro no ara (anaa ne yɔnko) di dwuma de dan nsakrae no. Sɛ wo ntumi nkɔ safoa no so yiye a, worentumi mfa wo ho nto so ntumi nnye mu.

Platforms te sɛ Mewayz a ɛhwɛ adwumayɛ ho nsɛm a ɛho hia so — invoices, payroll records, CRM contacts, HR documents across 207 modules — hia encryption akwan a wɔasi wɔ keys a ɛyɛ den, wotumi san nya, na wotumi kɔ hɔ daa so. Ɛno a wɔbɛkyekyere no wɔ fapem a wɔayɛ no pɔtee sɛ wɔde besiw safoa kwan so no yɛ adansi mu abirabɔ.

Nea enti a Passkeys Ko tia sɛ Wɔde Di Dwuma Sɛ Encryption Keys

Wɔhyɛɛ da yɛɛ WebAuthn nkyerɛkyerɛmu a ɛhyɛ passkeys ase no de anohyeto ahorow a ɛma encryption a wɔde di dwuma no nyɛ nea mfaso wɔ so. Saa anohyeto ahorow yi ntease da nea enti a eyi nyɛ ɔkwan a mfiridwuma a anifere wom betumi asiw ano — ɛyɛ nhyehyɛe hye titiriw.

  • Safoa biara nni hɔ a wɔde kɔ amannɔne: Wɔde kokoam safoa a wɔayɛ bere a wɔrekyerɛw passkey din no sie wɔ hardware-backed secure enclaves (TPM, Secure Enclave, anaa nea ɛne no sɛ). Operating system ne browser APIs no mma ɔkwan biara a wɔfa so yi raw key material. Wubetumi abisa safoa no sɛ ɔmfa ne nsa nhyɛ biribi ase, nanso wuntumi nkenkan safoa no ankasa.
  • Non-deterministic key generation: Sɛ wobɔ passkey ma ɔdefoɔ korɔ no ara wɔ device soronko so a, ɛma key mmienu a ɛsono koraa. Aba kasasin biara nni hɔ, ɔkwan biara nni hɔ a wɔfa so fi mu, ɔkwan biara nni hɔ a wɔbɛfa so asan ayɛ safoa koro no ara wɔ mfiri foforo so. Nkyerɛwde biara yɛ nea ɛde ne ho wɔ cryptographic mu.
  • Device-bound a ɛwɔ hɔ: Sɛ mpo ɛwɔ passkey syncing (iCloud Keychain, Google Password Manager) a, ɛwɔ hɔ no gyina ecosystem kyɛfa so. Ebia obi a ɔde ne din kyerɛw ne din wɔ iPhone so na akyiri yi ɔdan kɔ Android so no betumi ahwere kwan. Ɔdefoɔ a ne mfiri ayera, wɔawia, anaa wɔde factory-reset no hyia ɔhaw korɔ no ara.
  • Challenge-response nko ara: WebAuthn API no da navigator.credentials.get() a ɛsan de asɛm a wɔde wɔn nsa ahyɛ ase no adi, ɛnyɛ raw key material. Wo nsa ka nsaano nkyerɛwee wɔ asɛnnennen bi a server-de ama so — mfasoɔ wɔ so ma wo ho adanseɛ, mfasoɔ nni so sɛ wobɛnya encryption key.
  • Algorithm a ɛyɛ mmerɛw biara nni hɔ: Passkeys taa de ECDSA a P-256 curve no di dwuma. Sɛ mpo wubetumi anya safoa no a, ECDSA yɛ signing algorithm, ɛnyɛ encryption algorithm. Anka wobɛhia nsakraeɛ foforɔ (ECDH safoa apam, KDF a ɛfiri mu) a API no ntumi mmoa wɔ saa nsɛm yi mu.

Abɔfoɔ binom ahyɛ dwumadie ho nyansa — de PRF (Pseudo-Random Function) ntrɛmu no di dwuma kɔ WebAutn, sɛ nhwɛsoɔ no, de nya symmetric keys wɔ berɛ a wɔregye atom. Bere a saa ntrɛwmu yi wɔ spec no mu no, browser mmoa da so ara nhyia, enni mobile platform pii so, na ɛda so ara nya device-binding haw no fi awo mu. Safoa a ɛnam PRF so nya wɔ afiri baako so no, wɔrentumi nsan nyɛ bio wɔ afiri foforɔ a ɛwɔ passkey soronko so, mpo ma ɔdefoɔ akonta korɔ no ara.

Data a Ɛyera Ho Nsɛm a Obiara Mpɛ sɛ Ɔde Mena

Susuw nea ɛba bere a wode safoa a wonya fi wɔn passkey mu de encrypt ɔdefo bi data. Biribiara yɛ adwuma fɛfɛɛfɛ da a edi kan no. Ɔdefoɔ no kɔ mu, wɔnya safoa no, wɔde encrypted ne decrypted data no a ɛnyɛ den. Afei asram abiɛsa akyi no, wɔn fon no hwe ase wɔ ɔtare bi mu.

Wɔ atetesɛm mu nokwaredi mu no, afiri bi a wobɛhwere no yɛ ɔhaw. Nea ɔde di dwuma no nam email so san nya ne akontaabu no, hyehyɛ adansedi nkrataa foforo, na ɔkɔ so yɛ adwuma. Nanso sɛ wɔde safe bi a wɔakyekyere wɔ afiri a seesei akɔ nsu ase no enclave a ahobammɔ wom no mu na ɛkyekyeree wɔn data no a, ɛnde saa data no nni hɔ bio. Ɛnyɛ "ɛyɛ den sɛ wobɛsan anya" akɔ — cryptographically irreversible akɔ. Adetɔfo mmoa tekiti biara nni hɔ, akontaabu a wɔsan nya no nsu a ɛsen biara nni hɔ, adwumayɛfo mpanyimfo biara a wɔbɛkɔ soro no ntumi nsan akontaabu no. Ebia na wɔapopa data no nso.

a wɔde ahyɛ mu |
na ɛkyerɛ sɛ woayɛ | Ɛyɛ adwumayɛ a ɛkɔ so ho asiane. Eyi nti pɛpɛɛpɛ na Mewayz nhyehyɛɛ no tetew nokwaredi akwan horow fi data ahobammɔ layers ho, hwɛ hu sɛ mfiri biako pɛ a entumi nyɛ adwuma yiye a ebetumi asɛe kwan a wɔfa so nya adwumayɛ ho nsɛm a ɛho hia wɔ ne module ahorow a wɔaka abom no biara mu.

Nea Ɛsɛ sɛ Wode Di Dwuma Mmom

Asɛmpa no ne sɛ nhwɛsoɔ a wɔde asi hɔ yie wɔ hɔ a wɔde bɛkora ɔdefoɔ data so a ɛntɔ passkey afiri no mu. Saa akwan yi yɛ nea wɔasɔ ahwɛ wɔ ɔko mu, wɔaboa no kɛse, na wɔayɛ no titiriw ama encryption dwumadie asɛm no.

Server-side encryption a ɛwɔ safoa a wɔhwɛ so da so ara yɛ nea mfaso wɔ so sen biara a wɔpaw ma application dodow no ara. Wo platform no de safe a wɔde safoa a wɔhwɛ so denam Key Management Service (KMS) a ɛfata so di dwuma — AWS KMS, Google Cloud KMS, HashiCorp Vault, anaa nea ɛne no sɛ. Ɔdefoɔ no di adanseɛ (de passkeys, sɛ wopɛ a!) na server no di encryption ne decryption ho dwuma wɔ ɔkwan a ɛda adi pefee so. Wei ne sɛnea SaaS platform dodow no ara bɔ data ho ban, na ɛyɛ adwuma efisɛ safoa no yɛ nea ɛtra hɔ kyɛ, wɔakora so, wotumi dannan, na ɛde ne ho fi ɔdefo biara mfiri ho.

Encryption keys a wonya fi password mu (a wode Argon2id anaa scrypt di dwuma ma key derivation) fata bere a wuhia nokware zero-knowledge encryption a server no mpo ntumi nkenkan ɔdefo data. Aguadi-off ne sɛ, sɛ wohwere password no a, ɛkyerɛ sɛ wobɛhwere data no, nanso wobetumi akyere password ahorow no agu wo tirim, akyerɛw, na wɔde asie wɔ password managers mu — wɔanto mu wɔ hardware enclave mu. Nnwuma te sɛ 1Password ne Standard Notes de saa kwan yi di dwuma yiye.

  1. Fa passkeys (anaasɛ ɔkwan biara a ɛyɛ den) di dwuma ma nokwaredi — hwɛ sɛ ɔdefo no nipasu.
  2. Sɛ wogye di wie a, nya anaa gye encryption safoa denam safoa sohwɛ nhyehyɛe a ɛyɛ soronko, a wɔde atirimpɔw ayɛ so.
  3. Fa key escrow anaa recovery mechanisms — recovery keys, multi-device key sync, anaa ahyehyɛdeɛ key custody ma adwumayɛ akontaabuo di dwuma.
  4. Fa AES-256-GCM anaa XChaCha20-Poly1305 fa nsafe a efi wo KMS mu no sie data wɔ ahomegye ne bere a ɛrekɔ mu.
  5. Denkyin safoa no bere ne bere mu na hwɛ safoa a wɔabɔ no kokoam backups a ɛtra ase wɔ huammɔdi biako biara mu.

Saa nsɛm a ɛhaw adwene a wɔpaapae mu yi nyɛ adeyɛ a eye sen biara kɛkɛ — ɛyɛ nhyehyɛe biako pɛ a ɛma wutumi yɛ nokwaredi akwan no foforo a ɛnyɛ wo encryption nhyehyɛe no. Sɛ awiei koraa no passkeys dannan anaasɛ biribi a eye sen biara si ananmu a, wo data a wɔabɔ no kokoam no kɔ so yɛ nea wotumi kɔ hɔ pɛpɛɛpɛ.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →

PRF Ntrɛwmu: Bɔhyɛ ne Afiri

Developers a wodi WebAuthn nkyerɛkyerɛmu no akyi pɛɛ no betumi atwe adwene asi prf ntrɛwmu no so sɛ ɛyɛ bridge a ebetumi aba passkeys ne encryption ntam. Saa ntrɛwmu yi ma ɔfã a ɔde ne ho to so no tumi bisa pseudo-random value a wonya fi passkey no kokoam nsɛm mu wɔ nokwaredi guasodeyɛ bi mu. Wɔ nsusuwii mu no, saa botae yi betumi ayɛ adwuma sɛ encryption key anaa aba.

Wɔ nneyɛe mu no, PRF ntrɛwmu no hyia akwanside atitiriw a ɛfa agyede ho. Ɛde besi afe 2026 mfiase no, mmoa no gu ahorow kɛse wɔ browser ne platform ahorow so. Safari dwumadie no yɛ soronko wɔ Chrome deɛ no ho. Android mfiri pii ntumi nnye no koraa. Hardware ahobammɔ safoa no wɔ mmoa a ɛnkɔ so pɛpɛɛpɛ. Wɔ platform biara a ɛsom nnipa ahodoɔ a wɔde di dwuma — na Mewayz som dwumadiefoɔ 138,000+ wɔ dwumadie nhyehyɛeɛ ne mfiri ahodoɔ biara mu — encryption a wɔbɛkyekyere wɔ feature a ɛwɔ patchy availability so no yɛ adwumayɛ mu a wontumi nnyina ano.

Ne titiriw no, PRF ntumi nni ɔhaw a ɛfa mfiri pii ho no ho dwuma. Wɔnya pseudo-random output no firi passkey pɔtee a ɛwɔ device pɔtee no so. Ɔdefoɔ a ɔkyerɛw passkeys wɔ ne laptop ne fon nyinaa so no nya PRF output ahodoɔ mmienu ma akonta korɔ no ara. Anka ɛho behia sɛ wode afiri biako safoa a wonya fi mu no de encrypt data na afei ɔkwan bi so no wosan de encrypt anaa kyɛ saa safoa no ne afiri foforo no — a ɛde wo san ba ntɛm ara kɔkyekye safoa sohwɛ nhyehyɛe a ɛfata ɔkwan biara so. Saa bere no, safoa a wonya fi passkey mu no de nsɛnnennen ka ho a ɛmfa ahobammɔ nka ho.

Asuadeɛ ma Adansifoɔ: Fa Adwinnadeɛ a Ɛfata di dwuma ma Layer a Ɛfata

Sɔhwɛ a ɛne sɛ wode passkeys bedi dwuma ama encryption no fi awosu pa mu — developers pɛ sɛ wɔde cryptography a emu yɛ den di dwuma na wɔtew ahintasɛm dodow a ɛsɛ sɛ wɔn a wɔde di dwuma no so. Nanso ahobammɔ mfiridwuma titiriw fa primitive a ɛfata a wɔde bedi dwuma wɔ layer a ɛfata so. Lock ne safe nyinaa bɔ nneɛma a ɛsom bo ho ban, nanso woremfa deadbolt nhyɛ vault mu anaasɛ woremmɔ mmɔden sɛ wode safe bɛkɔ wo kotoku mu.

Passkeys di mu wɔ wɔn atirimpɔw a wɔayɛ no mu. Wɔatew akontaabu a ɛfa phishing ho so akɔ 99.9% wɔ Google mu deployment mu. Woyi credential stuffing ntua fi hɔ koraa. Wɔde login osuahu a bere koro mu no ɛyɛ ahobammɔ na ɛyɛ mmerɛw sen password ahorow ma. Ɛno yɛ ade a ɛyɛ nwonwa a wɔatumi ayɛ, na ɛdɔɔso. Sɛ wobisa passkeys sɛ wɔn nso nsiesie encryption a, ɛte sɛ wo bisa wo firewall sɛ ɛno nso nyɛ wo backup system — ɛnte architecture no ase.

Sɛ wɔresi nhyiamu a ɛdi adwumayɛ dwumadie a ɛyɛ nkateɛ ho dwuma a, ɛsɛ sɛ adansiɛ no da ahyeɛ a ɛda adi pefee adi. Authentication hwɛ sɛ obi yɛ nokware. Tumi a wɔde ma no na ɛkyerɛ sɛnea wobetumi akɔ hɔ. Encryption bɔ data ho ban bere a wɔagye wɔn ahome ne bere a wɔrefa mu no. Safoa sohwɛ hwɛ hu sɛ encryption safe no bɛtra ase wɔ mfiri a ɛyera, adwumayɛfo a wɔdannan wɔn ho, ne nsakrae a ɛba wɔ infrastructure mu no mu. Layer biara wɔ nnwinnade a wɔde atirimpɔw ayɛ, na sɛ wɔde frafra a, ɛma ɛyɛ mmerɛw a ɛba wɔ mmere a enye koraa mu — bere a ɛho hia kɛse sɛ obi a ɔde di dwuma no nya wɔn data na ontumi.

Ahobanbɔ a wobɛnya no yie a worennyɛ no den dodo

Wɔ SaaS aplikeshɔn ne adwumayɛ kwan dodow no ara fam no, nyansahyɛ a mfaso wɔ so no yɛ tẽẽ: fa anigyede fa passkeys ma nokwaredi, na di encryption no ho dwuma koraa wɔ server-side denam KMS a wɔhwɛ so. Wei ma wo dwumadiefoɔ nya login osuahu a ɛyɛ papa a ɛwɔ hɔ nnɛ berɛ a ɛde infrastructure a wɔayɛ titire ama deɛ ɛbɛtena hɔ akyɛ na wɔasan anya bio abɔ wɔn data ho ban.

Sɛ wo ahunahuna nhwɛsoɔ no hwehwɛ ampa sɛ wɔde encryption a ɛfiri awieeɛ kɔsi awieeɛ wɔ baabi a server no ntumi nnya plaintext data a, fa sika hyɛ client-side encryption architecture a ɛfata a ɛwɔ password-derived keys, recovery codes, ne organizational key escrow — ɛnyɛ passkey-derived shortcuts. Engineering sika a wɔde bɛto mu no sõ, nanso ɔkwan foforo ne sɛ wɔde nhyehyɛe bi a awiei koraa no ɛbɛsɛe obi data a wontumi nnya bio bɛmena.

Ahobammɔ ho gyinaesi ahorow no yɛ kɛse bere a bere kɔ so no. Ɔkwan tiawa bi a wɔfa so nnɛ bɛyɛ atutra ho dae bɔne wɔ mfe abiɛsa mu bere a tete nneɛma a ɛwɔ ase no sesa, mfiri bi abɔde a nkwa wom nhyehyɛe sesa ne nhyehyɛe a ɛne sɛ wɔbɛbom ayɛ adwuma, anaasɛ browser bi pow ntrɛwmu bi. Ɔdansi abstractions a ɛfata so firi mfitiaseɛ — authentication sɛ authentication, encryption sɛ encryption, biara wɔ n’ankasa key lifecycle — ne fapem a ɛma platforms scale kɔ ɔhaha pii a wɔde di dwuma a enni ticking time bomb a wɔasie wɔ cryptographic plumbing no mu.

Nsɛmmisa a Wɔtaa Bisa

Adɛn nti na wontumi mfa passkeys nni dwuma mfa nkora ɔdefo data so?

Wɔayɛ passkeys ama nokwaredi nkutoo, ɛnyɛ encryption. Wɔde wɔn ho to public-key cryptography so de hwɛ sɛ wo nipasu bere a worekɔ mu no, nanso private key no mfi wo device no mu da na application ahorow ntumi nkɔ so. Encryption hwehwɛ sɛ wɔde safe a ɛyɛ den na wotumi san yɛ a ebetumi decrypt data bere nyinaa bere tenten. Passkeys nni saa tumi yi denam nhyehyɛe so, na ɛma ɛnyɛ nea ɛfata titiriw sɛ wɔbɛbɔ ɔdefo ho nsɛm a wɔakora so ho ban.

Sɛ wobɔ mmɔden sɛ wode passkeys bɛkora data so ɔkwan biara so a, dɛn na ɛba?

Wo de wo ho to asiane mu sɛ wobɛkyekye brittle system a wɔn a wɔde di dwuma no bɛto wɔn ankasa data mu daa. Wobetumi atwa passkeys no mu, adannan, anaa wɔde asi ananmu wɔ mfiri ahorow so a wɔmmɔ kɔkɔ. Sɛ wɔde encrypted data kyekyere passkey pɔtee bi a wɔpopa anaasɛ wɔyɛ no foforo a, ɔkwan biara nni hɔ a wɔfa so san nya. Wei de data-hweree tebea a ɛyɛ hu ba a mfiridwuma mu dwumadie dodoɔ biara ntumi nsiw ano.

Dɛn na ɛsɛ sɛ developers de di dwuma sen sɛ wɔde passkeys bedi dwuma ama data encryption?

Ɛsɛ sɛ developers de encryption solutions a wɔde atirimpɔw ayɛ te sɛ AES-256 a ɛwɔ key management a ɛfata, envelope encryption, anaa nhomakorabea ahorow a wɔde asi hɔ te sɛ libsodium di dwuma. Fa nokwaredi ne encryption sie sɛ nneɛma a ɛhaw adwene a ɛsono emu biara. Fa passkeys di dwuma ma deɛ wɔdi mu — passwordless login — ne encryption keys a wɔatu ho ama a wɔde safoa a wɔnya ne storage nhyehyɛeɛ a ahobanbɔ di ho dwuma de bɔ ɔdefoɔ data a ɛho hia ho ban.

Ɔkwan bɛn so na Mewayz di nokwaredi ne data ahobanbɔ ho dwuma ma nnwuma?

Mewayz de 207-module adwumayɛ OS a efi ase wɔ $19/mo a ɛtetew nokwaredi ne data ahobammɔ a ɛde nnwumayɛbea nneyɛe pa di dwuma ma. Sɛ anka wɔde passkeys bedi dwuma ɔkwammɔne so no, platform a ɛwɔ app.mewayz.com no de encryption layers a ɛfata di dwuma ka ahobammɔ login flows ho, hwɛ hu sɛ nnwuma betumi abɔ adetɔfo data ho ban wɔ ahotoso mu a wɔmfa wɔn ho nto asiane mu wɔ lockout tebea horow a efi authentication ne encryption a wɔde frafra mu.

mu

Try Mewayz Free

All-in-one platform for CRM, invoicing, projects, HR & more. No credit card required.

Start Free Try Demo

Start managing your business smarter today

Join 30,000+ businesses. Free forever plan · No credit card required.

Start Free → Watch Demo
Found this useful? Share it.
X / Twitter LinkedIn Facebook WhatsApp

Ready to put this into practice?

Join 30,000+ businesses using Mewayz. Free forever plan — no credit card required.

Start Free Trial →

Related articles

Hacker News

Tennessee grandmother jailed after AI face recognition error links her to fraud

Mar 13, 2026

Hacker News

Shall I implement it? No

Mar 12, 2026

Hacker News

Innocent woman jailed after being misidentified using AI facial recognition

Mar 12, 2026

Hacker News

An old photo of a large BBS

Mar 12, 2026

Hacker News

Runners who churn butter on their runs

Mar 12, 2026

Hacker News

White House plan to break up iconic U.S. climate lab moves forward

Mar 12, 2026

Ready to take action?

Start your free Mewayz trial today

All-in-one business platform. No credit card required.

Start Free →

14-day free trial · No credit card · Cancel anytime