• @[email protected]
    link
    fedilink
    English
    72 months ago

    That was my take too.

    Security training was something you know, and something you have.

    You know your password, and you have a device that can receive another way to authorize. So you can lose one and not be compromised.

    Passkeys just skip that “something you have”. So you lose your password manager, and they have both?

    • @Spotlight7573
      link
      English
      62 months ago

      I think you mean that passkeys potentially skip the something you know. The something you have is the private key for the passkey (however it’s stored, in hardware or in software, etc). Unlocking access to that private key is done on the local device such as through a PIN/password or biometrics and gives you the second factor of something you know or something you are. If you have your password manager vault set to automatically unlock on your device for example, then that skips the something you know part.