Passkey is a generic technology not specific to any vendor. While there are a few versions of it, the long story short is it uses an encryption key you have to authenticate you rather than a password. This makes phishing extremely difficult if not impossible.

There's lots of passkey implementations. All the major browsers have one built in with their included password managers. Most good password managers like BitWarden or 1Password also support pass keys. And if you want to be extra secure, the passkey can be an actual hardware token like a YubiKey.

So yeah you see Google pushing passkeys a lot, and if you use Google password manager it will store your pass keys. But you also see Apple pushing it, and Microsoft also.

[–] nibbler@discuss.tchncs.de 7 points 13 hours ago (2 children)

dont think so. what i gatherd passkeys is a public/private key scheme, much like pubkey auth in ssh logins.

[–] BCsven@lemmy.ca 2 points 12 hours ago (2 children)

Its still just a single factor if some body steals your private key.

[–] Gt5@lemmy.zip 2 points 12 hours ago (1 children)

Yes, buts it’s not something that can be easily guessed or found on a post it on the monitor

[–] BCsven@lemmy.ca 1 points 10 hours ago

True dat. But if they compromise your computer the first thing the look for is key files.

Like my ssh keys are in a root permission file. Protected from general sight, but if somebody compromises my PC with a CVE on then goodbye keys.

At least with hardware key it is removable and requires a button press.

So accessing becomes physical access or quantum computer cracking

[–] nibbler@discuss.tchncs.de 1 points 10 hours ago (1 children)

Its never transmitted, can be stored in HSMs. Anything that's handled wrong is unsafe

[–] BCsven@lemmy.ca 2 points 9 hours ago

Steals it from your system I meant. Which has even happened to security pros.

[–] lambalicious@lemmy.sdf.org 1 points 12 hours ago

Phew!