|
|
|
|
|
|
by Groxx
406 days ago
|
|
|
They're closer to a client side certificate - you never send the server your passkey, you sign data that proves you have it without exposing it. (Or something semantically equivalent anyway) Other than that, which is mostly only a benefit for edge cases around partially compromised devices or servers: yeah they're not much different than random unique passwords. Except they have vendor-lock-in. |
|
|