A lot of services support passkeys. Microsoft even has an option to make my account “passwordless”. Since they are more secure than passwords, will you be switching some / most of your accounts to passkeys any time soon? Interested to hear everyone’s thoughts on passkeys. 🔑

  • Dark Arc@social.packetloss.gg
    1 month ago

    Close but private keys don’t get sent.

    It sends information encrypted via your public key to your client, then your client proves that it’s the real owner of the key by decrypting the message, and then sending a new message back encrypted by the private key that the server can then verify.

    This is what’s better than a password: the information for providing authentication (the private key) never leaves your computer (whereas in almost all implementations of password-based auth, you send the password itself to the server).

    • JubilantJaguar@lemmy.world
      1 month ago

      A question, since you sound like you know what you’re talking about. Is this analogous to password-free SSH? I.e., private key used to log in on the basis of a pre-agreed public key?

      • Dark Arc@social.packetloss.gg
        1 month ago

        Yeah basically. See “What is a passkey” on https://fidoalliance.org/faqs/#PasskeysFAQs

        From a technical standpoint, passkeys are FIDO credentials that are discoverable by browsers or housed within native applications or security keys for passwordless authentication. Passkeys replace passwords with cryptographic key pairs for phishing-resistant sign-in security and an improved user experience. The cryptographic keys are used from end-user devices (computers, phones, or security keys) for user authentication.
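
As an added illustration (not part of any comment in this thread), here is a simplified WebAuthn-style sign-in in Node.js: the server issues a random challenge, the device signs it with the private key, and the server verifies the signature against the stored public key while also checking the challenge and origin. The RP ID, origin and function names are constructed for the example, and real WebAuthn messages carry more fields than shown.

```javascript
// Added example: simplified WebAuthn-style assertion, not the real browser API.
const crypto = require("node:crypto");

const RP_ID = "example.com";            // constructed relying party ID
const ORIGIN = "https://example.com";   // constructed origin the server expects
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Registration: the key pair is created on the device; only the public key is stored server-side.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Device side: sign authenticatorData || SHA-256(clientDataJSON) with the private key.
function authenticate(device, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
  }));
  const rpId = new URL(origin).hostname; // the client derives this from the page it is on
  // rpIdHash (32 bytes) | flags (user present + verified) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), device.privateKey);
  return { clientDataJSON, authData, signature };
}

// Server side: check challenge freshness, origin and RP ID, then the signature.
function verify(serverRecord, expectedChallenge, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== "webauthn.get") return "bad type";
  if (clientData.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (clientData.origin !== ORIGIN) return "origin mismatch";
  if (!assertion.authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify("sha256", signed, serverRecord.publicKey, assertion.signature) ? "ok" : "bad signature";
}

// Demo: one successful sign-in against a fresh challenge.
const demo = register();
const demoChallenge = crypto.randomBytes(32);
console.log(verify(demo.serverRecord, demoChallenge, authenticate(demo.device, demoChallenge, ORIGIN)));
```

Because the signature covers a per-login challenge and the origin the client saw, a captured assertion cannot be replayed against a new challenge, and one produced on a different origin is rejected.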