Passkeys might really kill passwords - eviltoast

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • degrix@lemmy.hqueue.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    The benefit of passkeys over passwords is that they’re phishing resistant and use strong encryption. They’re effectively an iteration on yubikeys meaning you can have as many (or as few) passkeys associated with a given login as you’d like. So, you can easily prevent there being a single point of failure in the system.

    Passkeys are tied to accounts and devices and those devices are the only devices used for authentication. This means you can access your account form a public device without that device ever knowing your credentials provided you and your secure device are physically present so it avoids the whole keylogger issue.

    • leftzero@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      This means you can access your account form a public device without that device ever knowing your credentials provided you and your secure device are physically presen

      My secure device is in my other pants, though. I misplace my brain much less often.