Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • Doubletwist
    19 · 10 months ago

    So it sounds like basically it’s just client certificates?

    • @[email protected]
      14 · 10 months ago

      Basically, but with a separate public/private key pair per login, so they aren’t able to link your identity between sites or accounts with it, and also synced or stored in a password manager so you don’t lose them.

    • @[email protected]
      5 · 10 months ago

      Yep! In fact, you can still use client certificates in certain passkey/WebAuthn authentication flows. It’s more or less how Windows Hello for Business works (although X.509 certificates are only one type of key it supports).
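
The per-login key pairs described in the replies above, as an added example that is not part of the thread: a simplified Node.js model in which each site gets its own P-256 key pair and a login is a signed random challenge. The `PasskeyStore` class, the site names and the signed-data layout (SHA-256 of the site identifier followed by the challenge) are assumptions for illustration; real WebAuthn signs a richer structure.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed model of an authenticator or password manager holding passkeys.
class PasskeyStore {
  constructor() { this.keys = new Map(); } // site identifier -> private key

  // Registration: mint a fresh P-256 key pair used for this site only.
  register(rpId) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // the site stores this
  }

  // Login: sign the site's random challenge, bound to the site identifier.
  signChallenge(rpId, challenge) {
    const key = this.keys.get(rpId);
    if (!key) throw new Error(`no passkey registered for ${rpId}`);
    return crypto.sign('sha256', Buffer.concat([sha256(rpId), challenge]), key);
  }
}

// Site side: check the signature against the public key stored at registration.
function verifyLogin(rpId, publicKeyPem, challenge, signature) {
  const signed = Buffer.concat([sha256(rpId), challenge]);
  return crypto.verify('sha256', signed, publicKeyPem, signature);
}

// What two colluding sites could compare: a fingerprint of the key each was given.
const fingerprint = (publicKeyPem) => sha256(publicKeyPem).toString('hex');

function demo() {
  const store = new PasskeyStore();
  const pubA = store.register('site-a.example'); // constructed site names
  const pubB = store.register('site-b.example');
  const challenge = crypto.randomBytes(32);
  const sig = store.signChallenge('site-a.example', challenge);
  return {
    loginOk: verifyLogin('site-a.example', pubA, challenge, sig),
    acceptedByOtherSite: verifyLogin('site-b.example', pubB, challenge, sig),
    acceptedForNewChallenge:
      verifyLogin('site-a.example', pubA, crypto.randomBytes(32), sig),
    linkable: fingerprint(pubA) === fingerprint(pubB),
  };
}
```

A single client certificate presented to both sites would hand each of them the same public key, so the fingerprint comparison would match; with one key pair per site it does not.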