Saw this [article from The Verge](https://www.theverge.com/2022/8/31/23329373/dashlane-passkeys-password-manager?fbclid=IwAR2osU0FeCEN-NeEM1Mj6NJc2XLhWLbtsntT30hq7eqglghWh-k7iH6Wn94) that is very hyped about it. But it seems like a token is stored on a device, and presumably someone could steal the device and have the same benefits of having all your passwords. I don’t understand how having no passwords makes anyone’s data safer.
These methods use public-private key cryptography.
These methods are commonly used for encrypting data. Basically, you have a number (called the public key) that anyone can use to encrypt a message. You also have another number (the private key) that you need to decrypt any message encrypted using your public key. You can give the public key out to anyone to send you encrypted messages with, but only you (with your private key) can decrypt them.
Passkeys use this principle for authentication. You give someone your public key. They encrypt a message and ask you to decode it. If you can decode the message they encrypted using your public key, you’ve proved you’re you.
This is different from a password because, with a password, both you and the person authenticating you need to know the “secret” information (your password). Piggybacking on public key cryptography means that only you need to have “secret” information (your private key).
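As an added example (not code from the original post or the answer above), here is a small Go program that walks through the exchange the answer describes. The website keeps only the public key, issues a fresh random challenge, and the device proves it holds the private key without ever sending it. The first function implements the "encrypt a message, ask you to decode it" flow literally (RSA-OAEP); the second shows the signature flow that WebAuthn passkeys actually use (ECDSA P-256), where the device signs the challenge instead of decrypting it. The type names `Authenticator` and `Verifier`, the OAEP label and the challenge size are assumptions of this example, not part of any passkey standard.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// oaepLabel is a constructed, fixed label for this example's OAEP encryption.
const oaepLabel = "login-challenge"

// Authenticator models the device that holds the private keys (the "passkey").
// The private halves never leave this struct; only public halves are registered.
type Authenticator struct {
	rsaKey *rsa.PrivateKey   // for the "decode the encrypted message" flow
	ecKey  *ecdsa.PrivateKey // for the signature flow used by real passkeys
}

// Verifier models the website. It stores public keys only, so a breach of its
// database gives an attacker nothing that can be used to log in.
type Verifier struct {
	rsaPub *rsa.PublicKey
	ecPub  *ecdsa.PublicKey
}

// NewAuthenticator generates a fresh key pair of each kind on the device.
func NewAuthenticator() (*Authenticator, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{rsaKey: rsaKey, ecKey: ecKey}, nil
}

// Register is the one-time enrolment step: the device hands over public keys only.
func (a *Authenticator) Register() *Verifier {
	return &Verifier{rsaPub: &a.rsaKey.PublicKey, ecPub: &a.ecKey.PublicKey}
}

// newChallenge draws a random 32-byte nonce so that a captured response from an
// earlier login cannot simply be replayed later.
func newChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// AuthenticateByDecrypt is the flow the answer describes: the verifier encrypts a
// random challenge to the registered public key, the device decrypts it with the
// private key and returns the plaintext, and the verifier compares. A device with
// the wrong private key cannot recover the challenge, so it fails (false, nil).
func AuthenticateByDecrypt(v *Verifier, a *Authenticator) (bool, error) {
	challenge, err := newChallenge()
	if err != nil {
		return false, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, v.rsaPub, challenge, []byte(oaepLabel))
	if err != nil {
		return false, err
	}
	// Device side: only the matching private key can undo the encryption.
	resp, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, a.rsaKey, ct, []byte(oaepLabel))
	if err != nil {
		return false, nil // wrong key: an authentication failure, not a system error
	}
	return subtle.ConstantTimeCompare(resp, challenge) == 1, nil
}

// AuthenticateBySignature is how WebAuthn passkeys prove possession: the device
// signs the challenge and the verifier checks the signature with the public key.
func AuthenticateBySignature(v *Verifier, a *Authenticator) (bool, error) {
	challenge, err := newChallenge()
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, a.ecKey, digest[:]) // device side
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(v.ecPub, digest[:], sig), nil // website side
}

func main() {
	legit, _ := NewAuthenticator()
	impostor, _ := NewAuthenticator() // a different device with its own keys
	site := legit.Register()

	ok1, _ := AuthenticateByDecrypt(site, legit)
	ok2, _ := AuthenticateByDecrypt(site, impostor)
	ok3, _ := AuthenticateBySignature(site, legit)
	ok4, _ := AuthenticateBySignature(site, impostor)
	fmt.Println("decrypt flow   legit:", ok1, "impostor:", ok2)
	fmt.Println("signature flow legit:", ok3, "impostor:", ok4)
}
```

Two things the program makes concrete that the prose only states: the private key appears in no message, so someone watching the exchange (or the website's database) learns nothing they can reuse, whereas a password is sent on every login; and the challenge is random each time, so a recorded response is worthless later. The example does not model the device-side unlock (PIN or biometric) that a passkey implementation requires before the private key can be used, which is the part that matters for the stolen-device concern in the question.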