What is a passkey, in practice? Is it a file? A token? Can I keep it in a USB drive? How can I save it in case of device loss? - eviltoast
  • hedgehog@ttrpg.network · 3 upvotes · 14 days ago

    If I were talking about Passkeys and comparing them to client certificates, even though I don’t know much about client certificates in practice, I would say:

    • Passkeys can be installed in your password manager, which handles securely syncing them to all of your devices
    • Websites can make it very easy to create or log in with a passkey
    • Far more websites support passkeys
    • Websites can support multiple passkeys per user
    • The user experience is far better with passkeys
    • Even if your password manager isn’t installed on a given machine, you can still log in with a passkey via your phone, so long as both devices have Bluetooth enabled. This allows you to log in on an untrusted device, like a library computer, without exposing your password (though unfortunately that would still result in that computer having access to the session and being able to modify account settings - best practice would be to log out when you’re done and then, from a trusted device, confirm that you were logged out / log out of all devices.)