If you’re using a hardware token like a YubiKey then you do need to enter your PIN before being able to use it.
The main benefit is that you cannot extract the Passkey from the secure element (the token cannot be transformed from what you have to what you know) and it cannot be phished through a fake domain as the challenge-response will not match.
If you’re using a hardware token like a YubiKey then you do need to enter your PIN before being able to use it.
The main benefit is that you cannot extract the Passkey from the secure element (the token cannot be transformed from what you have to what you know) and it cannot be phished through a fake domain as the challenge-response will not match.
I like the yubikey bio series so you use a fingerprint on the key itself. Fido2 only right now