Passkeys use public key authentication. This makes them very resistant to phishing attacks. It’s also not possible for a phishing site to request authentication via a passkey created on the original website.
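An added example, not part of the original comment: a sketch of the relying-party checks that tie a WebAuthn assertion to one origin and RP ID. The browser and authenticator are simulated by a constructed `makeAssertion` helper, and the hostnames, function names and result labels are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Constructed stand-in for browser + authenticator. The browser, not the page,
// writes `origin`; the authenticator signs authData || SHA-256(clientDataJSON).
function makeAssertion(privateKey, { origin, rpId, challenge }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  // authenticatorData: rpIdHash (32 bytes) | flags (0x05 = user present + verified) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// Relying-party checks; returns "ok" or the name of the first failed check.
function verifyAssertion(publicKey, expected, { clientDataJSON, authData, signature }) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expected.challenge) return "challenge mismatch";
  if (client.origin !== expected.origin) return "origin mismatch";
  if (!nodeCrypto.timingSafeEqual(authData.subarray(0, 32), sha256(expected.rpId))) return "rpId mismatch";
  if ((authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, signature) ? "ok" : "bad signature";
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { origin: "https://login.example.test", rpId: "login.example.test",
    challenge: nodeCrypto.randomBytes(32).toString("base64url") };
  const genuine = makeAssertion(privateKey, expected);
  // Worst case for the defender: the same key signs on a lookalike origin. A real
  // authenticator would not even offer this credential for a different rpId.
  const lookalike = makeAssertion(privateKey,
    { ...expected, origin: "https://login.example-test.invalid", rpId: "login.example-test.invalid" });
  const swapped = { ...lookalike, clientDataJSON: genuine.clientDataJSON };
  const tampered = { ...genuine, authData: Buffer.from(genuine.authData) };
  tampered.authData[36] ^= 1; // changing any signed byte invalidates the signature
  return {
    genuine: verifyAssertion(publicKey, expected, genuine),
    lookalike: verifyAssertion(publicKey, expected, lookalike),
    swapped: verifyAssertion(publicKey, expected, swapped),
    tampered: verifyAssertion(publicKey, expected, tampered),
  };
}

console.log(demo());
```
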
Considering the past week that I’ve had?
I feel that mouse
At least you got cheese :)
In practice, they either use system authentication if you use the implementation bundled with iOS/Android - and sure, that can be Face ID if set up, or other forms of biometric authentication. Both operating systems have APIs that allow password managers to provide their own implementation of passkeys, and in that case you have to authenticate with your password manager - sure, most of them support using system authentication (biometrics) as well, but this could also be a master password or hardware key (which work very similarly to passkeys, by the way).
I’d argue if you don’t assume that whatever system you’re using is reasonably secure/private, you probably shouldn’t enter any passwords on that system either. This isn’t a passkeys vs. passwords problem.