• CosmicTurtle0@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    8 months ago

    Your passkey is an encrypted message that authenticates you, the service you’re trying to reach, and your computer.

    If you go to a phishing site, the passkey won’t even come up because the browser doesn’t recognize the site. Granted a dumb user could still use their user/pass but ideally the user has MFA set up so they can’t get far.

    The goal of a passkey is to replace username and passwords entirely so that phishing becomes less common.

    The main issue with passkeys is that unless you have something like a YubiKey or an authenticator (like bitwarden), the passkey is tied to the browser which means if the device gets lost you can’t log in anymore.