• Synapse
    38 hours ago

    As far as I understand it, passkey is a password replacement and a protocol built on top of FIDO.

    The intention is to replace passwords by cryptographic keys (asymmetric encryption). These keys always come in pairs:

    • a private key: secret and only ever known to you
    • a public key: given to the service you want to authenticate to. This key can also be seen as a lock that can only be opened by the matching private key.

    The keys are nothing more than text and they can very well be stored in files on a USB drive, copied, transferred, deleted, etc.

    But passkey also defines the process to exchange and store the keys in a secure manner. Therefore, in practice you will always use a password manager and maybe also some specific hardware, to automatically handle the key exchange and secure storage of all the different keys you have for all of the different services you registered to.
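The key-pair mechanism the comment describes, shown as an added Go example that is not the commenter's code and not the real WebAuthn/CTAP message format: a deliberately simplified model in which the `Authenticator` type stands for the user's password manager or hardware token, the `RelyingParty` type for the service, the rpId `example.com` and the credential IDs are made-up values, and the signed message is just SHA-256 over rpId plus challenge (the actual protocol signs a richer structure). It goes slightly beyond the comment by showing why the service issues a fresh challenge each time and binds it to its own identity: a replayed signature and a signature produced for a look-alike domain are both rejected, while the stored public key itself is plain PEM text.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// Authenticator is the user's side (password manager or hardware token in a
// real deployment). It holds the private key and only ever exposes Sign.
type Authenticator struct {
	priv *ecdsa.PrivateKey
}

// RelyingParty is the service. It stores public keys only, indexed by a
// credential ID, plus the challenge it is currently waiting on per credential.
type RelyingParty struct {
	id      string                      // rpId the keys are bound to, e.g. "example.com" (assumed)
	pubKeys map[string]*ecdsa.PublicKey // credentialID -> public key ("the lock")
	pending map[string][]byte           // credentialID -> outstanding challenge
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{id: id, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Register is enrollment: the authenticator generates a fresh P-256 key pair
// (ES256, the algorithm passkeys use) and the service receives only the public half.
func Register(rp *RelyingParty, credID string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rp.pubKeys[credID] = &priv.PublicKey
	return &Authenticator{priv: priv}, nil
}

// PublicKeyPEM illustrates the "keys are just text" point: the stored public
// key serialised to PEM, which can be written to a file or copied around freely.
func PublicKeyPEM(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

// BeginLogin issues a fresh random challenge so a captured signature cannot be replayed.
func (rp *RelyingParty) BeginLogin(credID string) ([]byte, error) {
	if _, ok := rp.pubKeys[credID]; !ok {
		return nil, errors.New("unknown credential")
	}
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return nil, err
	}
	rp.pending[credID] = ch
	return ch, nil
}

// signedMessage binds the signature to the service identity as well as the
// challenge, so a signature produced for a look-alike domain is useless here.
func signedMessage(rpID string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(rpID))
	h.Write(challenge)
	return h.Sum(nil)
}

// Sign is the only operation the authenticator offers; the private key never leaves it.
func (a *Authenticator) Sign(rpID string, challenge []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, a.priv, signedMessage(rpID, challenge))
}

// FinishLogin checks the signature against the stored public key and consumes
// the challenge so it cannot be used a second time.
func (rp *RelyingParty) FinishLogin(credID string, sig []byte) error {
	ch, ok := rp.pending[credID]
	if !ok {
		return errors.New("no login in progress for this credential")
	}
	delete(rp.pending, credID) // one-shot, whether or not verification succeeds
	if !ecdsa.VerifyASN1(rp.pubKeys[credID], signedMessage(rp.id, ch), sig) {
		return errors.New("signature does not match the registered public key")
	}
	return nil
}

func main() {
	rp := NewRelyingParty("example.com")
	auth, _ := Register(rp, "cred-1")
	ch, _ := rp.BeginLogin("cred-1")
	sig, _ := auth.Sign("example.com", ch)
	fmt.Println("genuine login:", rp.FinishLogin("cred-1", sig))
	fmt.Println("replayed signature:", rp.FinishLogin("cred-1", sig))
	ch, _ = rp.BeginLogin("cred-1")
	sig, _ = auth.Sign("examp1e.com", ch) // signed for a look-alike rpId
	fmt.Println("phished signature:", rp.FinishLogin("cred-1", sig))
}
```

The service never sees anything it could reuse as a credential: it holds a public key that only verifies, and each login proves possession of the matching private key against a challenge that is thrown away after one check. That is what a passkey manager or hardware token automates for every site you have registered with.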