Comment

Comment on Big Tech passkey implementations are a trap | Proton

viralJ@lemmy.world ⁨2⁩ ⁨months⁩ ago

Could someone ELI5 (if possible) what passkeys actually are?

source

Sort:hotnew top

callmepk@lemmy.world ⁨2⁩ ⁨months⁩ ago
Basically hardware keys (like YubiKey) without hardware

source
- zewm@lemmy.world ⁨2⁩ ⁨months⁩ ago
  So…. Software keys…
  
  source
  - mp3@lemmy.ca ⁨2⁩ ⁨months⁩ ago
    a.k.a password-protected certificates
    
    source
  - SuperIce@lemmy.world ⁨2⁩ ⁨months⁩ ago
    [deleted]
    source
    locuester@lemmy.zip ⁨2⁩ ⁨months⁩ ago
    Most in the crypto industry wouldn’t consider a hardware key that shares metal with an internet connected device to be a very safe hardware key though. Of course when your hardware key such as a ledger or yubikey is plugged into your computer, now it’s also sharing metal.
    
    I think the industry needs a term to differentiate between all these categories of hardware wallets.
    
    The best is an airgapped hardware wallet such as Keystone.
    
    source
    -> View More Comments
Dark_Arc@social.packetloss.gg ⁨2⁩ ⁨months⁩ ago
Not ELI5 level but…

If you understand SSH keys, it’s basically that there’s a private key and a public key.

Whatever website has a copy of the public key, they encrypt something with the public key, you decrypt it, reencrypt it and send it back (where they can then decrypt it). By performing that round trip, you’ve verified you have the correct key, and the “door opens.”

source
Swarfega@lemm.ee ⁨2⁩ ⁨months⁩ ago
I guess it’s a bit like a bank card with a PIN. You go to pay for something and your card stores your credentials on it. To allow those credentials to be read you need to unlock them using the PIN.

source