|
|
|
|
|
|
by FlxMgdnz
1203 days ago
|
|
|
Not quite. Passkeys are WebAuthn "discoverable credentials", meaning they contain a user identifier as well as a private key for signing. When a site fully supports passkeys, you are able to sign in to your account without having to enter a username, just by using your site-specific passkey (e.g. https://www.passkeys.io). GitHub's current implementation is based on pre-passkey WebAuthn that allows you to add a non-discoverable credential as 2nd factor. To sign in, you still need to enter your username, your password, and then get prompted for your WebAuthn credential, which can be stored on a physical security key, but also on your devices via the platform authenticator capability (Windows Hello, Touch ID, ...). So, while GitHub's current 2nd-factor WebAuthn implementation (as awesome as it is) is not "passkey", I'm sure they will be among the first bigger websites to launch full passkey capabilities on their login page pretty soon. |
|
|