Google will now make passkeys the default for personal accounts - eviltoast

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

  • hedgehog@ttrpg.network
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Even FIDO2 MFA doesn’t protect you from attacks that involve malware running on your machine. If there was a keylogger on their machine then that machine is likely compromised in other ways, and any credentials entered or stored on it should be considered compromised and should be reset.