• azalty@jlai.lu
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I have never understood the goal of passkeys. Skipping 2FA seems like a security issue and storing passkeys in my password manager is like storing 2FA keys on it: the whole point is that I should check on 2 devices, and my phone is probably the most secure of them all.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      That was my take too.

      Security training was something you know, and something you have.

      You know your password, and you have a device that can receive another way to authorize. So you can lose one and not be compromised.

      Passkeys just skip that “something you have”. So you lose your password manager, and they have both?