Google will now make passkeys the default for personal accounts - eviltoast

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

  • Natanael@slrpnk.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Both the website and your physical security token must support the right type of webauthn credentials (the token has storage for a certain number of slots with “discoverable credentials”).

    Passkeys is a variant of the same which is bound to your device’s own TPM / SE security chip or equivalent, plus a synchronization feature for backups.