what are passkeys?

292 views

seems like passkeys are the new craze even tho they’ve been around for awhile.

what are they? how do they work?

should I get one?

In: 0

3 Answers

Anonymous 0 Comments

Authentication is proof of your identity and often done with a password.

If someone knows your pasword, that person would have complete access to your account.

In order to reduce the risk of an account comprimise when your password is stolen, multi factor authentication is used. This involves another factor that can’t be copied.

MFA authentication is always *interactive* by the user.

Today, it is often other applications that need (partial) access to your account. Ex: An email client wants access to your mails, etc…

If you only use your email client to read mail, authentication can still use MFA as reading mail involves you as human.

However, if you want to give other applications access to your data, and expect it to run non-interactively in the background, MFA can’t be used.

For those use cases (non-interactive, but secure logon) using passkeys is a specific way to do this.
Instead of having a short static string (such as a password) it is a long key that changes over time and is often bound to a specific device only, so it can only be used on that device.If not, it is saved in a hardware security module on the device itself, so it can’t be compied.

TL;DR: A specific way to perform a non-interactive, but secure authentication.

You are viewing 1 out of 3 answers, click here to view all answers.