Comment on Passkeys Explained: The End of Passwords
SlartyBartFast@sh.itjust.works 5 weeks ago
Aren’t passkeys just passwords but numbers? Like passnumbers?
Comment on Passkeys Explained: The End of Passwords
SlartyBartFast@sh.itjust.works 5 weeks ago
Aren’t passkeys just passwords but numbers? Like passnumbers?
asmoranomar@lemmy.world 5 weeks ago
No. It’s a completely different process. It’s a bad name for what it actually does. (Unless you’re talking about how computers do things, then EVERYTHING is numbers)
Look up public/private key pair encryption. It’s the process that has changed.
The problem with all these “what are passkeys” guides is that it’s difficult to convey the differences between password and passkeys if you don’t have a deep understanding of encryption or authentication systems.
sugar_in_your_tea@sh.itjust.works 4 weeks ago
Yup, it’s more like TOTP than a password/number.
asmoranomar@lemmy.world 4 weeks ago
TOTP is based on shared secrets, just like passwords. As such, it’s susceptible to many of the issues passwords are and is much closer to passwords than passkeys. Passkeys on the other hand, don’t have shared secrets and operate completely differently under the hood.
sugar_in_your_tea@sh.itjust.works 4 weeks ago
Yeah, the implementation is very different.
I’m just saying that it’s similar from an average user point of view. You set it up once, then your app generates a unique code that the server can associate with you in a way that can’t be broken by a third party watching traffic.