- cross-posted to:
- technology@lemmy.ml
- technology@beehaw.org
- cross-posted to:
- technology@lemmy.ml
- technology@beehaw.org
You must log in or register to comment.
For me, I’d prefer that everyone just adds biometric authentication techniques. A couple websites do this already and it’s great. Many devices have biometrics built in already and if this was widespread I’d certainly have no problem buying a fingerprint reader for my desktop computer.
You do realize that your biometric authentication techniques don’t actually send your biometrics (e.g. fingerprint/face) to the website you’re using and that you are actually just registering your device and storing a private key? Your biometrics are used to authenticate with your local device and unlock a locally-stored private key.
That private key is essentially what passkeys are doing, storing a private key either in a password manager or locally on device backed by some security hardware (e.g. TPM, secure enclave, hardware-backed keystore).
Sure I knew that. I just didn’t know if that was a “passkey” or some other private key mechanism.
Question - what do you do when the site is hacked and your biometrics are compromised? Issue new ones?
You don’t have interchangeable fingerprints? Keep up with the times /s
The password still works.
That’s literally a passkey.
