- cross-posted to:
- news@lemmy.linuxuserspace.show
- cross-posted to:
- news@lemmy.linuxuserspace.show
Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?
Many apps now do the ‘app opens the browser for login’ process instead of having the login in their actual app. They don’t have to implement all the different ways to log in then, they can just use the same system that their normal account management stuff on their site uses.
You can get greater security with hardware-backed solutions like a TPM but the adoption rate was not great. I think the goal is to improve things over passwords, even if the credentials are then available on multiple devices via a sync or a password database file. Perfect being the enemy of good and all that. Hardware options still exist and you can still use them; they use the same WebAuthn standard that passkeys use.