Wowfunhappy 9 days ago
But if you could back up a passkey, wouldn't the key just be a password? (I do agree with you about backups being essential, but my conclusion was "the idea is fundamentally flawed," rather than "it's one tweak away from greatness.")
harg 9 days ago
No, because unlike a password you never provide the private key for a passkey to the site you’re logging into, which is how many password breaches occur.
burnt-resistor 9 days ago
This is the irreducible problem. It's the Emperor's New Clothes™. So either the secrets get generated and stored in tamper-protected hardware, or they are stored somewhere else that can be made portable. For the latter, then they ought to be serializable into some standard form.
hooverd 8 days ago
Passkeys solve phishing by being domain bound and never exposing the private key. It's a huge improvement!
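
Added example, not part of the thread: a simplified WebAuthn-style login check in Node.js showing the two properties the comments above describe, the private key never leaving the authenticator and the signature being bound to the site's domain. The domains, the helper names (`makeAuthenticator`, `verifyAssertion`, `demo`) and the reduced message layout are assumptions for illustration; real WebAuthn carries more fields.

```javascript
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('node:crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();

// Authenticator side (hypothetical helper): the private key stays inside this closure.
function makeAuthenticator(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // `origin` and `browserRpId` are set by the browser from the page's real address.
  function getAssertion(challenge, origin, browserRpId) {
    if (browserRpId !== rpId) return null; // no credential scoped to this domain
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // rpIdHash (32 bytes) | flags (0x01 = user present) | signature counter (4 bytes)
    const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
    const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
    return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
  }
  return { publicKey, getAssertion }; // only the public key is registered with the site
}

// Relying-party side: holds the public key only, so a breach leaks no login secret.
function verifyAssertion(assertion, { publicKey, challenge, origin, rpId }) {
  if (!assertion) return false;
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== challenge.toString('base64url')) return false; // replay
  if (clientData.origin !== origin) return false; // signed on another site
  if (!authenticatorData.subarray(0, 32).equals(sha256(rpId))) return false;
  if ((authenticatorData[32] & 0x01) === 0) return false; // user presence required
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify('sha256', signed, publicKey, signature);
}

// Constructed scenario: example.com is the real site, example-login.test a lookalike.
function demo() {
  const auth = makeAuthenticator('example.com');
  const site = { publicKey: auth.publicKey, origin: 'https://example.com', rpId: 'example.com' };
  const challenge = randomBytes(32);
  const genuine = auth.getAssertion(challenge, 'https://example.com', 'example.com');
  const lookalike = auth.getAssertion(challenge, 'https://example-login.test', 'example-login.test');
  const wrongOrigin = auth.getAssertion(challenge, 'https://example-login.test', 'example.com');
  return {
    genuineAccepted: verifyAssertion(genuine, { ...site, challenge }),
    lookalikeGotSignature: lookalike !== null,
    wrongOriginAccepted: verifyAssertion(wrongOrigin, { ...site, challenge }),
    replayAccepted: verifyAssertion(genuine, { ...site, challenge: randomBytes(32) }),
  };
}
console.log(demo());
```

Only `genuineAccepted` comes back true: on the lookalike domain the authenticator has nothing to sign with, and the server-side origin and challenge checks reject an assertion produced for any other page or login attempt.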