Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

  • Natanael@slrpnk.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    The main point is all those attacks need to attack the local software or hardware implementation on one of the two ends (or a cert issuer), and even then it’s replay protected so for example an XSS attack lasts only for one session, so it’s more robust.

    • hedgehog@ttrpg.network
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Correct, but that doesn’t change the fact that “Passkeys can’t be phished” is not true.