I think of myself as tech savvy but for some reason I either missed the memo on Passkeys, or just misunderstand how the thing works. I'm reasonably sure my parents/grandparents will start asking me about this stuff soon (as Google / other websites push it on them), and I'd really like to understand it myself first so I can explain it to them as well.
Right now, to log in to website/account/etc I just need to know my login (i.e. my email address, or my username) and my password. For example, “FakeDogLover”+“CatsRule123”. How is Passkey different?
Let’s say I have an extremely tall treehouse, one where I can’t see who is visiting, but it requires a secret to enter.
We decide instead of passwords, we’re going to do something different. Since anyone can discover your password, we’re going to exchange information in a way to make sure it’s actually you.
So let’s say when you want to come in, I’ll tell you a secret word, and then you’ll take a video of you saying your password and the secret word and send it back to me. Now I’m using at least two factors to determine that this is you, and that you’re actually asking to come up right now.
This is essentially what passkeys are attempting to do, except instead of a video, it’s something you have, like your cellphone.
When you visit a website, they’ll send your device a challenge. The device is allowed to do whatever to make sure it’s you, and once confirmed, takes a secret it has previously established along with the challenge and makes a result. That’s sent back to the website, and as long as it’s what the site expects, you can get in.
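
The challenge-and-response exchange described in the answer above, as an added example that is not part of the original post: a simplified Node.js model (not the real WebAuthn message format) in which the device's secret is a private key and the site checks the signed result against the stored public key. The names `makeDevice`, `makeSite` and `demo`, and the `treehouse.example` origins, are made up for illustration.

```javascript
// Simplified model of a passkey login; not the real WebAuthn message format.
const crypto = require('node:crypto');

// Device side: holds the private key, which never leaves the device.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // handed to the website once, at registration
    // Called only after the device has unlocked locally (PIN, fingerprint, face).
    respond(challenge, origin) {
      const payload = Buffer.from(JSON.stringify({ challenge, origin }));
      return { payload, signature: crypto.sign('sha256', payload, privateKey) };
    },
  };
}

// Website side: stores only the public key and the challenges it has issued.
function makeSite(origin) {
  const registered = new Map(); // username -> public key
  const pending = new Map();    // username -> outstanding challenge
  return {
    register(user, publicKey) { registered.set(user, publicKey); },
    newChallenge(user) {
      const challenge = crypto.randomBytes(32).toString('base64url');
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, { payload, signature }) {
      const expected = pending.get(user);
      pending.delete(user); // single use: a captured response cannot be replayed
      const publicKey = registered.get(user);
      if (!expected || !publicKey) return false;
      if (!crypto.verify('sha256', payload, publicKey, signature)) return false;
      const signed = JSON.parse(payload.toString());
      return signed.challenge === expected && signed.origin === origin;
    },
  };
}

// Constructed walk-through with made-up names.
function demo() {
  const site = makeSite('https://treehouse.example');
  const phone = makeDevice();
  site.register('FakeDogLover', phone.publicKey);
  const good = phone.respond(site.newChallenge('FakeDogLover'), 'https://treehouse.example');
  const results = { login: site.verify('FakeDogLover', good) };
  results.replay = site.verify('FakeDogLover', good); // same response, sent again
  const lure = phone.respond(site.newChallenge('FakeDogLover'), 'https://treeh0use.example');
  results.wrongSite = site.verify('FakeDogLover', lure); // signed for a look-alike origin
  return results;
}
```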