Passkeys might really kill passwords - eviltoast

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

    • Spotlight7573@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      9 months ago

      Basically, but with a separate public/private key pair per login so they aren’t able to link your identity between sites or accounts with it and also synced or stored in a password manager so you don’t lose them.

    • IHawkMike@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 months ago

      Yep! In fact you can still use client certificates in certain passkey/WebAuthN authentication flows. It’s more or less how Windows Hello for Business works (although X.509 certificates are only one type of key it supports).