Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

  • @CletusVanDamme
    link
    English
    71 year ago

    Authy on the phone while also using their desktop app. If you lose the phone you still have options.

    • @killeronthecorner
      link
      English
      1
      edit-2
      1 year ago

      Each to their own but cloud syncing and MFA are a bad mix in my eyes. It has a “who watches the watchmen” problem and it somewhat defeats the point of having a trusted factor when you have an untrusted one on “someone else’s computer”.

      Authy have demonstrated why this is a problem (https://techcrunch.com/2022/08/26/twilio-breach-authy/), plus they’re closed source, so it’s a big no from me.

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self hosted, you are the watchmen.

        • @killeronthecorner
          link
          English
          21 year ago

          Yeah, this is fine. It’s closed source, opaque cloud solutions that people should be wary of.