by arvonle
1421 days ago
I feel this article is not quite clear about the whole process. The secret, which I take in this case to be the private key, is supposed to reside in your phone's trusted platform module and to be completely inaccessible and not stored on a server; however, it is possible to synchronise your keys through iCloud? Also, what happens when you flash a QR code, is Apple involved at any point (which makes it a pretty big SPOF)? Can Apple add/revoke login authorisations for individual devices, and if so, is there really a fundamental difference between this and an Apple SSO with biometric checks? From a naïve point of view it resembles GitHub/lab/tea SSH key-based authentication with extra steps, a US-based third-party cloud provider involved and a new sheen of consummate proprietarism.
|
Credential stuffing, weak passwords, password database leaks, all solved for with passkeys and leveraging existing smartphone ecosystem security mechanisms. Over time, your casual user might not even need a password manager anymore: your mobile OS is the password manager.