by sitharus
603 days ago
It depends on your security risk profile and the type of passkey provided. The passkey's response describes if the credential is transferable or not, and if the user has been positively verified as present. They're as secure as having your password + 2FA in a password manager.
[0] https://github.com/keepassxreboot/keepassxc/issues/9339
[1] https://keepassxc.org/blog/2023-06-20-cve-202335866/
edit: This actually might be a better thread to hear some of the debate between an Okta dev and the KeepassXC team:
https://github.com/keepassxreboot/keepassxc/issues/10406
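
The first comment's point that a passkey response reports whether the credential is transferable and whether the user was verified corresponds to the flags byte of the WebAuthn authenticator data. The following is an added example, not code from the thread or from KeePassXC; the policy option names, the `evaluate` and `sample` helpers, and the sample bytes are assumptions made for illustration.

```javascript
// Flag bits of the WebAuthn authenticator data "flags" byte (offset 32).
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };

// Parse the fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian).
function parseAuthenticatorData(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const flags = authData[32];
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  return {
    userPresent: (flags & FLAGS.UP) !== 0,
    userVerified: (flags & FLAGS.UV) !== 0,
    backupEligible: (flags & FLAGS.BE) !== 0, // credential may be synced or copied
    backedUp: (flags & FLAGS.BS) !== 0,       // credential is currently backed up
    signCount: view.getUint32(33, false),
  };
}

// Hypothetical relying-party policy check; the option names are assumptions.
function evaluate(authData, policy) {
  const s = parseAuthenticatorData(authData);
  const reasons = [];
  if (!s.userPresent) reasons.push("user presence (UP) not asserted");
  if (s.backedUp && !s.backupEligible) reasons.push("BS set without BE: malformed flags");
  if (policy.requireUserVerification && !s.userVerified) {
    reasons.push("user verification (UV) required");
  }
  if (policy.requireDeviceBound && s.backupEligible) {
    reasons.push("credential is backup-eligible (transferable)");
  }
  return { ok: reasons.length === 0, reasons, state: s };
}

// Constructed sample: placeholder rpIdHash bytes, caller-chosen flags, signCount = 7.
function sample(flags) {
  const d = new Uint8Array(37).fill(0xab, 0, 32);
  d[32] = flags;
  d[36] = 7;
  return d;
}

const strict = { requireUserVerification: true, requireDeviceBound: true };
const relaxed = { requireUserVerification: true, requireDeviceBound: false };
const synced = sample(FLAGS.UP | FLAGS.UV | FLAGS.BE | FLAGS.BS); // synced passkey
console.log(evaluate(synced, relaxed).ok, evaluate(synced, strict).reasons);
```

The flags are only meaningful once the relying party has verified the assertion signature and the `rpIdHash` over the same authenticator data.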