by dboreham
560 days ago
Passkey can be thought of as software emulation of a smartcard (aka hard token aka Yubikey). When it asks you to save it, that's when it creates the virtual smartcard in some reasonably secure local storage (possibly TPM-secured or at least kernel-secured). The benefit of this approach is that a bot doesn't have the private key. Of course you want to be sure that WebAuthn onboarding can't be botted.
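
An added illustration, not part of the comment above: a simplified model of the "virtual smartcard" idea in Node.js, where saving a passkey generates a key pair, the site keeps only the public key, and login is a signature over a fresh challenge. The class names, the `example.test` site and the signed-data layout are assumptions made for this sketch; it is not the WebAuthn wire format.

```javascript
// Added illustration: a simplified passkey model, not the WebAuthn wire format.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');
// Bytes that get signed (assumed layout): site identifier plus the fresh challenge.
const signedData = (rpId, challenge) =>
  Buffer.concat([Buffer.from(rpId + '\0'), challenge]);

// The "virtual smartcard": private keys live here and are never returned.
class SoftAuthenticator {
  #keys = new Map(); // rpId -> private KeyObject
  // "Save passkey": generate a key pair, hand out only the public half.
  register(rpId) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Login: prove possession of the private key by signing the challenge.
  getAssertion(rpId, challenge) {
    const key = this.#keys.get(rpId);
    if (!key) throw new Error(`no passkey stored for ${rpId}`);
    return sign('sha256', signedData(rpId, challenge), key);
  }
}

// The website: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) { const c = randomBytes(32); this.pending.set(user, c); return c; }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is consumed by one attempt
    if (!challenge || !pem) return false;
    return verify('sha256', signedData(this.rpId, challenge), pem, signature);
  }
}

// Constructed scenario: real user, replayed signature, bot holding a different key.
function demo() {
  const site = new RelyingParty('example.test');
  const user = new SoftAuthenticator();
  site.enroll('alice', user.register('example.test'));
  const sig = user.getAssertion('example.test', site.newChallenge('alice'));
  const legit = site.verifyLogin('alice', sig);
  const replay = site.verifyLogin('alice', sig); // challenge already used
  const bot = new SoftAuthenticator();
  bot.register('example.test'); // the bot's key was never enrolled for alice
  const forged = site.verifyLogin('alice', bot.getAssertion('example.test', site.newChallenge('alice')));
  return { legit, replay, forged };
}
```

The enrollment call is the step the comment's last sentence is about: whoever controls it decides which public key the site will trust afterwards.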