this post was submitted on 16 Oct 2024
273 points (86.4% liked)

Technology

62914 readers
4386 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s
enu
technopagan
L4s
273
Passwords have problems, but passkeys have more (world.hey.com)
submitted 4 months ago by [email protected] to c/technology
187 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pyre 14 points 4 months ago (15 children)

I'm not gonna lie I still don't understand how passkeys work, or how they're different from 2fa. I'm just entering a PIN and it's ok somehow? I don't get it.

[–] johannesvanderwhales 8 points 4 months ago* (last edited 4 months ago) (8 children)

If you've ever used ssh it's very similar to how ssh keys work. You create a cryptographic key for the site; this is the passkey itself. When you go to "log in" the client and server exchange cryptographic challenges, which also verifies the site's identity (so you can't be phished...another site can't pretend to be your bank, and there are no credentials to steal anyway). Keys are stored locally and are generally access restricted by various methods like PIN, passphrase, security key, OTP, etc. When you're entering your PIN it's how the OS has chosen to secure the key storage. But you've also already passed one of the security hurdles just by having access to that phone/computer. It is "something you have".

[–] Valmond 2 points 4 months ago (7 children)

So one password to access them all basically?

That's quite a weakness.

[–] Spotlight7573 4 points 4 months ago (1 children)

So one password to access them all basically?

That's essentially how all password managers work currently though?

[–] Valmond 1 points 4 months ago (1 children)

True, I hoped for something better :-/

[–] Spotlight7573 3 points 4 months ago

If it makes you feel better, most PINs on modern devices are hardware backed in some way (TPM, secure enclave, etc) and do things like rate limiting. They'll lock out using a PIN if it's entered incorrectly too many times.

load more comments (5 replies)
load more comments (5 replies)
load more comments (11 replies)