Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • frezik@midwest.social
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    9 months ago

    Biometrics can be fine when they are layered on top of other authentication methods.

    • IphtashuFitz@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Exactly. See my reply in another thread where I describe a “person trap” that I used to go through to get into a secure facility. Its biometric check analyzed the geometry of your entire hand. It wasn’t just a fingerprint scanner.

    • scorpionix@feddit.de
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      9 months ago

      I strongly disagree. That’s like using MD5 and saying ‘It’s OK, we use SHA256 down the line’. Information encrypted with it might as well be in plain text.

      • frezik@midwest.social
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 months ago

        That’s not how that works. If you were using MD5 and then immediately SHA256 the output and not using it for anything else, that would be fine. You’re not accomplishing much in this specific case, but it’d be fine.

        When you layer security, the attacker has to pull back each layer. You don’t rely on any singular layer. If the attacker needs biometrics AND a code AND a physical key, that’s very good security.