• @[email protected]
    link
    fedilink
    English
    -12
    edit-2
    2 months ago

    For me, I’d prefer that everyone just adds biometric authentication techniques. A couple websites do this already and it’s great. Many devices have biometrics built in already and if this was widespread I’d certainly have no problem buying a fingerprint reader for my desktop computer.

    • @draughtcyclist
      link
      English
      122 months ago

      Question - what do you do when the site is hacked and your biometrics are compromised? Issue new ones?

      • dinckel
        link
        English
        12 months ago

        You don’t have interchangeable fingerprints? Keep up with the times /s

    • @Spotlight7573
      link
      English
      2
      edit-2
      2 months ago

      You do realize that your biometric authentication techniques don’t actually send your biometrics (e.g. fingerprint/face) to the website you’re using and that you are actually just registering your device and storing a private key? Your biometrics are used to authenticate with your local device and unlock a locally-stored private key.

      That private key is essentially what passkeys are doing, storing a private key either in a password manager or locally on device backed by some security hardware (e.g. TPM, secure enclave, hardware-backed keystore).

      • @[email protected]
        link
        fedilink
        English
        12 months ago

        Sure I knew that. I just didn’t know if that was a “passkey” or some other private key mechanism.