• mabcat
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    I just tried this out with Github. My passkey lives in 1Password so it’s backed up and synced across devices. It also lets me sign in with normal MFA/TOTP if I don’t have the passkey, or use a recovery code. Incidentally @[email protected] this is working in Firefox now.

    • AggressivelyPassive@feddit.de
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      So, it’s just a password with a different name.

      Seriously, what is the functional difference between this and stricter password requirements? I don’t see it.

      • robobrain
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Passkeys use a challenge/response protocol that doesn’t transmit any actual secrets. This makes them phishing resistant as you can’t just “type in your passkey secret” it gitnub .com