A passkey is some sort of unique key specific to a device, allowing you to use a PIN on that device instead of the password, but which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really insecure PINs.

  • @killeronthecorner
    1 year ago

    Each to their own but cloud syncing and MFA are a bad mix in my eyes. It has a “who watches the watchmen” problem and it somewhat defeats the point of having a trusted factor when you have an untrusted one on “someone else’s computer”.

    Authy have demonstrated why this is a problem (https://techcrunch.com/2022/08/26/twilio-breach-authy/), plus they’re closed source, so it’s a big no from me.

    • @[email protected]
      1 year ago

      Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self-hosted, you are the watchmen.

      • @killeronthecorner
        1 year ago

        Yeah, this is fine. It’s closed source, opaque cloud solutions that people should be wary of.