What is a passkey anyway? You have an app on a separate device - your phone or a key, perhaps. When you create a passkey at a new site, you create two parts: a public key, which you send to the site you're logging in to, and a private key, which you send to your app. When you login, the two keys work together; but this can happen only is you accept the login on your app on the separate device, which may require (say) a fingerprint or face-id before you can access it. I use 1Password for my passkeys; here's how it works. Related: read this article from Ars Technica on why the hated Multi-Factor Authentication (MFA) isn't really that secure, and how passkeys are different.
Today: Total: [Direct link] [Share]
