|
|
|
|
|
|
by Ferret7446
472 days ago
|
|
|
It's not, though. The passkey itself is strictly a single factor. That's kinda the point, to reduce user toil. Your passkey could have 2FA locally (e.g., a Yubikey with a PIN), but that is up to your discretion. It may be single factor. |
|
|
The passkey alone is not sufficient to log in. You must also provide a successful response to the WebAuthn challenge from an authenticator that has been registered/configured with that passkey.
> That's kinda the point, to reduce user toil.
It's almost as if letting people elect to enter their secure, never-written-down-anywhere-else passphrase would accomplish that.