• @Spotlight7573
    link
    English
    2
    edit-2
    2 months ago

    You do realize that your biometric authentication techniques don’t actually send your biometrics (e.g. fingerprint/face) to the website you’re using and that you are actually just registering your device and storing a private key? Your biometrics are used to authenticate with your local device and unlock a locally-stored private key.

    That private key is essentially what passkeys are doing, storing a private key either in a password manager or locally on device backed by some security hardware (e.g. TPM, secure enclave, hardware-backed keystore).

    • @[email protected]
      link
      fedilink
      English
      12 months ago

      Sure I knew that. I just didn’t know if that was a “passkey” or some other private key mechanism.