Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

    • killeronthecorner@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Each to their own but cloud syncing and MFA are a bad mix in my eyes. It has a “who watches the watchmen” problem and it somewhat defeats the point of having a trusted factor when you have an untrusted one on “someone else’s computer”.

      Authy have demonstrated why this is a problem (https://techcrunch.com/2022/08/26/twilio-breach-authy/), plus they’re closed source, so it’s a big no from me.

      • derpgon@programming.dev
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self hosted, you are the watchmen.