|
|
|
|
|
|
by jazzyjackson
541 days ago
|
|
|
It surprised me too since I thought the whole point of passkeys is that you're using a thing-you-own to authenticate, but really the whole point is that the security credential is never transmitted to the service doing the auth. |
|
|
It’s a pretty powerful/complex spec allowing various use cases, from a modern way to store SSH keys on hardware credentials to a more usable and less phishable password replacement backed entirely by software.