Yes, kind of. You’re still giving them your password every time you log in. And it’s on them whether they store it hashed or in plain text. With a passkey, you know that even if they’re hacked, they’ll never get your actual private key.
Comment on [deleted]
MentalEdge@sopuli.xyz 1 day ago
Doesn’t a normal modern password, hashed, essentially do the same thing?
No sane service has your actual password.
hperrin@lemmy.ca 1 day ago
EncryptKeeper@lemmy.world 22 hours ago
No. When you log into a website your password is sent to the server. A passkey is not.
MentalEdge@sopuli.xyz 22 hours ago
That depends entirely on the service.
Nothing prevents the password from being hashed client-side, only ever sending the hash to the service.
EncryptKeeper@lemmy.world 22 hours ago
True, but with passkeys they’re never sent, by design.
pipe01@programming.dev 16 hours ago
Then that hash is effectively your password
scarabic@lemmy.world 16 hours ago
Granted this was 1999 but I wish I could unsee the shit I saw one day when I did a SELECT password FROM user
kn33@lemmy.world 1 day ago
There’s a few differences. One is the length. Another is the randomness. The biggest, though, is that in a passkey, the server is verified as well. That means phishing is nearly impossible.
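The two points argued in this thread, as an added example that is not part of any comment above: a client-side hash can be replayed like a password, while a passkey-style signature is tied to one server challenge and one origin. The function names, the `example.test` origins and the sample password are constructed, and the signed-message layout is a simplification, not the WebAuthn wire format.

```javascript
const crypto = require("node:crypto");
const sha256hex = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Scheme A: password hashed client-side; the server hashes what it receives again.
function makeHashServer(password) {
  const stored = sha256hex(sha256hex(password));
  return { login: (sent) => sha256hex(sent) === stored };
}

// Scheme B (simplified passkey): the private key never leaves the client.
function makePasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  // The signature covers the server's challenge and the origin the client actually sees.
  const signFor = (challenge, origin) => ({
    origin,
    signature: crypto.sign("sha256", Buffer.from(`${challenge}|${origin}`), privateKey),
  });
  return { publicKey, signFor };
}

function makePasskeyServer(origin, publicKey) {
  let pending = null;
  return {
    newChallenge() { pending = crypto.randomBytes(32).toString("hex"); return pending; },
    verify(assertion) {
      const challenge = pending;
      pending = null; // each challenge is accepted once
      if (!challenge || assertion.origin !== origin) return false;
      const msg = Buffer.from(`${challenge}|${assertion.origin}`);
      return crypto.verify("sha256", msg, publicKey, assertion.signature);
    },
  };
}

function demo() {
  // A: whatever crosses the wire is enough to log in again, password unknown.
  const hashServer = makeHashServer("correct horse battery"); // constructed password
  const onTheWire = sha256hex("correct horse battery");
  const hashReplayed = hashServer.login(onTheWire);

  // B: a captured assertion is bound to one challenge and one origin.
  const key = makePasskey();
  const server = makePasskeyServer("https://example.test", key.publicKey);
  const first = key.signFor(server.newChallenge(), "https://example.test");
  const legit = server.verify(first);
  server.newChallenge();
  const replayed = server.verify(first); // signed over the previous challenge
  const lookalike = key.signFor(server.newChallenge(), "https://examp1e.test");
  const phished = server.verify(lookalike); // origin does not match
  return { hashReplayed, legit, replayed, phished };
}
```

The server in scheme B holds only `publicKey`, so a copy of its credential table contains nothing that can produce a valid signature.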