halapro 8 hours ago

You're just saying that the user needs to be aware that you cannot forget or delete a password, which applies just the same way to passkeys.

Passkeys are effectively just long passwords you cannot see. The mechanism is just gravy.

Borealid 8 hours ago

I think there is a difference.

Sites usually have the user SEND their password to the site to authenticate. There is no need for sites to be written that way, but that is how they are written.

Passkeys cannot, by design, be sent to the site. Instead they use a challenge-response protocol.
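
The contrast drawn in the comment above, as an added example that is not part of the thread: a password login where the secret itself crosses the wire, next to a challenge-response login where only a signature over a one-time challenge does. All function names are hypothetical, Ed25519 is an assumed algorithm choice, and the flow is simplified (real WebAuthn signs more than the bare challenge).

```javascript
// Added illustration, not code from the thread. All names are hypothetical.
// Simplified: real WebAuthn signs more than the bare challenge.
const { generateKeyPairSync, randomBytes, scryptSync, sign, timingSafeEqual, verify } =
  require('crypto');

// Password site: the client sends the secret itself on every login.
function makePasswordSite(password) {
  const salt = randomBytes(16);
  const stored = scryptSync(password, salt, 32);
  return { login: (sent) => timingSafeEqual(scryptSync(sent, salt, 32), stored) };
}

// Authenticator: the private key stays inside; only signatures leave.
function makeAuthenticator() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { publicKey, respond: (challenge) => sign(null, challenge, privateKey) };
}

// Challenge-response site: stores a public key and issues one-time challenges.
function makeChallengeSite(publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const challenge = randomBytes(32);
      pending.add(challenge.toString('hex'));
      return challenge;
    },
    login(challenge, signature) {
      // Each challenge is consumed on first use, so it cannot be answered twice.
      if (!pending.delete(challenge.toString('hex'))) return false;
      return verify(null, challenge, publicKey, signature);
    },
  };
}

function compareFlows() {
  const pwSite = makePasswordSite('constructed-sample-password');
  const wirePassword = 'constructed-sample-password'; // what crosses the wire
  const authenticator = makeAuthenticator();
  const site = makeChallengeSite(authenticator.publicKey);
  const c1 = site.newChallenge();
  const wireSignature = authenticator.respond(c1); // what crosses the wire
  return {
    passwordFirst: pwSite.login(wirePassword),
    passwordResent: pwSite.login(wirePassword), // the same bytes work again
    passkeyFirst: site.login(c1, wireSignature),
    passkeySameChallenge: site.login(c1, wireSignature), // challenge already consumed
    passkeyFreshChallenge: site.login(site.newChallenge(), wireSignature), // wrong message
  };
}
```

The value the password site receives is valid for every later login, while the signature the challenge-response site receives is valid for exactly one challenge.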