by patrakov
782 days ago
The problem is that, while your setup has excellent de facto security, what matters is security posture. The parties that you authenticate to do not know and cannot know that your actual security is better than your posture visible to them. They have nothing to rule out the hypothesis that you use the same password everywhere else, and they still suspect that you can, by mistake, enter the same password on a phishing site. By using passkeys, you prove to the relying parties that you do not use the same credential on another possibly insecure (hackable) website and that the browser will not reuse the credential for you on a phishing site, as it is technically impossible.

EDIT: all of the above is based on the marketing materials. I do not have any passkeys, but I use my Nitrokey U2F for 2FA on some important websites. I will possibly switch once platform-level or browser-native support for passkeys (as opposed to extensions like the ones provided by BitWarden or KeePassXC) is available on desktop Linux.