this post was submitted on 28 Aug 2024
94 points (89.8% liked)

Cybersecurity - Memes

1975 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

Sadly, the support for passkeys is still lacking.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] cron 5 points 2 months ago (1 children)

looks interesting, a bit like all this "login with google" but without a third party needed.

I've never heard of it before, and the idea is more than 10 years old, so it is probsbly very niche.

[โ€“] min@lemmy.sdf.org 4 points 2 months ago

It ends up being a lot like FIDO or Passkeys but without having to store a separate key for each site. Each key is derived from your master key and the domain so they are all unique, to prevent tracking, but you still don't have to save a separate private key blob for each site. There is also a recovery key built into the spec so that if your master key somehow gets out, you can use your recovery key to prove you're the real person and regain your account to change the signin public key.