@nikitonsky Passkeys are more like hardware keys. They are tied to a domain, so phishing for a passkey on another domain is not possible…
@nikitonsky Almost. Passkeys have an API. Password managers too, but they can also be used by hand so they can be phished.

@nikitonsky Never seen such a password manager. Also: passwords might get sniffed. With passkeys, you need to hijack the communication channel, because of the challenge/response nature (but I'm no expert). However, the difference between passwords and passkeys might be more applicable to "normal" users (although even experts get phished sometimes).

@doekman I mean, what password manager gives you:
- Unique password per site

But I like signing the challenge part instead of sending entire password. That's the part password managers don't give you

@nikitonsky I'm not in favour of passkeys. The passkey on GitHub doesn't work anymore for some reason (YubiKey does work). However, passwords have problems. They can be stolen (and you only notice it when it's too late). Password managers are not foolproof. I use Safari, and that's probably the worst offender. But my girlfriend uses Chrome's, and it just doesn't work all the time. 1/2
@doekman same as with password managers?
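
The domain binding and challenge signing discussed in this thread, as an added example that is not part of any participant's post: a simplified WebAuthn-style assertion in Node.js showing why a lookalike domain gets nothing to sign with and why a captured response cannot be replayed. The domains, the in-memory credential store and the function names are constructed assumptions; real WebAuthn also allows the RP ID to be a registrable suffix of the origin's host and encodes more fields.

```javascript
// Added illustration: simplified WebAuthn-style assertion, not a full implementation.
const crypto = require('node:crypto');
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();

// Constructed sample values (assumptions, not taken from the thread).
const RP_ID = 'example.com';
const RP_ORIGIN = 'https://example.com';
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const authenticatorStore = new Map([[RP_ID, privateKey]]); // credentials are keyed by RP ID

// Browser + authenticator: the browser fills in the origin itself; the page cannot choose it.
function getAssertion(origin, challenge) {
  const rpId = new URL(origin).hostname; // simplification: RP ID == host name
  const key = authenticatorStore.get(rpId);
  if (!key) return null; // no credential for this domain, so nothing can be signed
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticator data: rpIdHash (32 bytes), flags (1 byte), signature counter (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, key) };
}

// Relying party: checks type, challenge, origin and RP ID hash, then the signature.
function verifyAssertion(a, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (c.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const challenge = crypto.randomBytes(32); // fresh per login attempt
  const good = getAssertion(RP_ORIGIN, challenge);
  const phished = getAssertion('https://examp1e-login.test', challenge); // lookalike domain
  const replay = verifyAssertion(good, crypto.randomBytes(32)); // old response, new challenge
  return { good: verifyAssertion(good, challenge), phished, replay };
}
console.log(demo());
```

Unlike a password, nothing reusable crosses the wire: the private key stays in the authenticator and each signature covers one challenge and one origin.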