by acdha 545 days ago
Except in this case it’s really important to learn how the implementation works because it has meaningful differences:

If you log in to Google.com with a password, the remote server knows your password and if you are phished the attacker can use your password to access Google.

If you log in to Google.com using a passkey secured by Windows Hello, your PIN or biometric check is between you and your computer, and the passkey is used for a public key exchange with Google’s servers. They do not know your PIN and you cannot be phished. That’s a transformative change.
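
A simplified model of the passkey sign-in described in the comment above, added here as an illustration and not part of the original comment: the server stores only a public key, and the signed response is bound to the origin the browser reports. The function names and the `.example`/`.test` site names are constructed, and the signed payload is a reduced stand-in for real WebAuthn client data.

```javascript
const nodeCrypto = require('node:crypto');

// Registration: the key pair is created on the device and scoped to one site (rpId).
// The private key never leaves the device; the local PIN/biometric only unlocks it.
function createPasskey(rpId) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Browser + authenticator: the origin is filled in by the browser, not by the page,
// and a passkey is only offered on the site it was registered for.
function signIn(passkey, pageOrigin, challenge) {
  if (new URL(pageOrigin).hostname !== passkey.rpId) return null;
  const clientData = JSON.stringify({ challenge, origin: pageOrigin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), passkey.privateKey);
  return { clientData, signature };
}

// Server: holds only the public key; checks signature, fresh challenge and origin.
function verify(publicKey, expectedOrigin, expectedChallenge, assertion) {
  if (!assertion) return false;
  const { challenge, origin } = JSON.parse(assertion.clientData);
  const sigOk = nodeCrypto.verify(
    'sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
  return sigOk && challenge === expectedChallenge && origin === expectedOrigin;
}

function demo() {
  const site = 'https://login.example';               // constructed site name
  const passkey = createPasskey('login.example');
  const serverRecord = passkey.publicKey;             // all the server ever stores
  const challenge = nodeCrypto.randomBytes(16).toString('hex');

  const genuine = signIn(passkey, site, challenge);
  // A look-alike page relays the real server's challenge to the user.
  const phished = signIn(passkey, 'https://login-example.test', challenge);
  return {
    genuine: verify(serverRecord, site, challenge, genuine),
    phished: verify(serverRecord, site, challenge, phished),
    // A captured response is useless once the server issues a new challenge.
    replayed: verify(serverRecord, site, 'a-later-challenge', genuine),
  };
}

console.log(demo());
```
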