Wowfunhappy 9 days ago

But if you could back up a passkey, wouldn't the key just be a password?

(I do agree with you about backups being essential, but my conclusion was "the idea is fundamentally flawed," rather than "it's one tweak away from greatness.")

harg 9 days ago | parent | next [-]

No, because unlike a password you never provide the private key for a passkey to the site you’re logging into, which is how many password breaches occur.

burnt-resistor 9 days ago | parent | prev | next [-]

This is the irreducible problem. It's the Emperor's New Clothes™. So either the secrets get generated and stored in tamper-protected hardware, or they are stored somewhere else that can be made portable. For the latter, they ought to be serializable into some standard form.

hooverd 8 days ago | parent | prev [-]

Passkeys solve phishing by being domain bound and never exposing the private key. It's a huge improvement!
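
An added illustration of the domain binding and key handling discussed in the replies above; it is not code from the thread or its participants. It simulates an authenticator and a relying party with Node's built-in crypto module, and the domain names, function names and result strings are constructed assumptions.

```javascript
// Simulated authenticator and relying party (RP); not a real WebAuthn stack.
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Constructed sample values (assumptions, not from the thread).
const RP_ID = "example.com";
const RP_ORIGIN = "https://example.com";

// Registration: the key pair is created on the user's device; the RP stores only publicKey.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Device side: the browser, not the page, supplies `origin` and the RP ID.
function authenticatorSign(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // authenticatorData = rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = nodeCrypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// RP side: every check uses only values the server already holds.
function verifyAssertion(assertion, expectedChallenge) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "bad type";
  if (clientData.challenge !== expectedChallenge.toString("base64url")) return "bad challenge";
  if (clientData.origin !== RP_ORIGIN) return "bad origin";
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "bad rpIdHash";
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, assertion.signature) ? "ok" : "bad signature";
}

function demo() {
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = authenticatorSign(RP_ORIGIN, RP_ID, challenge);
  // Simulated look-alike origin. A real browser would offer no credential for this RP ID
  // at all; the assertion is built here only to exercise the server-side checks.
  const lookalike = authenticatorSign("https://examp1e.com", "examp1e.com", challenge);
  // Swapping in the genuine fields after signing leaves a signature over different bytes.
  const rewritten = { ...genuine, signature: lookalike.signature };
  return {
    genuine: verifyAssertion(genuine, challenge),
    lookalike: verifyAssertion(lookalike, challenge),
    rewritten: verifyAssertion(rewritten, challenge),
  };
}
```

The server side never touches `privateKey`, so a dump of its credential store yields only public keys.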