by dwaite
1064 days ago
A passkey is a discoverable credential (meaning - a website can ask the system for it without knowing who the user is first) with user verification (meaning, it can ask the system providing the passkey to verify the user). For a platform like a mobile phone or laptop, this user verification might be a biometric or a system password/PIN confirmation. For a security key fob, they may have a fingerprint reader or a PIN entry pad. Or, they may ask the browser/phone/laptop to prompt for PIN entry on their behalf. One could imagine a wearable using a biometric scan, or even monitoring for continuous wear and only asking for a confirmation gesture/tap. WebAuthn is an API to talk to authenticators, and authenticators are a box which could hold anything from a single factor to a full authentication process.
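Added example, not part of dwaite's comment: how a relying party can ask for a discoverable credential with user verification and then confirm from the returned authenticator data that verification actually happened, instead of trusting the request alone. The function names and the sample bytes are assumptions made for illustration; signature and rpIdHash verification are left out.

```javascript
// Illustrative sketch; function names are hypothetical, not from any library.
// WebAuthn authenticator data layout:
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // user present (touch or gesture)
const FLAG_UV = 0x04; // user verified (biometric, PIN, ...)

// Options for navigator.credentials.get(). An empty allowCredentials list
// means the site names no user up front; the authenticator offers whatever
// discoverable credentials it holds for rpId.
function passkeyRequestOptions(challenge, rpId) {
  return {
    publicKey: { challenge, rpId, allowCredentials: [], userVerification: "required" },
  };
}

// Parse the fixed 37-byte header of authenticatorData.
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticatorData must be at least 37 bytes");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  return {
    rpIdHash: bytes.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Server-side policy: the request asked for UV, but only the flags in the
// signed authenticator data show whether the authenticator performed it.
function meetsPasskeyPolicy(bytes) {
  const ad = parseAuthenticatorData(bytes);
  return ad.userPresent && ad.userVerified;
}

// Constructed sample input (not captured from a real authenticator).
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37); // rpIdHash left as zeros
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

console.log(meetsPasskeyPolicy(sampleAuthData(FLAG_UP | FLAG_UV, 7)));
console.log(meetsPasskeyPolicy(sampleAuthData(FLAG_UP, 7)));
```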