- cross-posted to:
- wired@rss.ponder.cat
- cross-posted to:
- wired@rss.ponder.cat
“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
When a website gets hacked they only find public keys, which are useless without the private keys.
Private keys stored on a password manager are still more secure, as those services are (hopefully!) designed with security in mind from the beginning.
If a website with old-school passwords gets hacked, the hacker only gets salted hashes of passwords - this does not seem to be much worse?
(Websites that store plaintext passwords surely won’t implement passkeys either…)