• toastal · ↑2 · 3 months ago

    What is wrong with good ol’ TOTP & FIDO2?

      • toastal · ↑4 · 3 months ago

        Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security. – https://developer.apple.com/passkeys/

        Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.

        • gibson@sopuli.xyz · ↑1 · 3 months ago

          You can still use a YubiKey or even a password manager like KeePassXC with passkeys, no need for any Google/Apple or even secure enclave.

          • toastal · ↑1 · 3 months ago

            These passkeys want to be unique per site/services & many hardware tokens only have a handful of slots for storage which means such dedicated don’t really work & storing them on say your laptop with your other passwords probably isn’t ideal with KeePass. Many security experts don’t see the advantage over a good hardware token + unique password. Like Big Tech trying to reinvent XMPP with RCS, I feel they are trying to do the same with passkeys so they benefit them.