• @cashew
    link
    English
    111 month ago

    It uses asymmetric cryptography. You sign a login request with the locally stored private key and the service verifies the signature with their stored public key. The PIN on your device is used to unlock access to the private key to sign the login request.

    • @AWittyUsername
      link
      English
      41 month ago

      So isn’t the pin now the weakest link and shorter than a password

      • @Spotlight7573
        link
        English
        101 month ago

        Typically in most situations where a PIN is used on a modern device, it is not just the number you enter but some kind of hardware backing that is limited to the local device and also does things like rate limiting attempts.