• @lobut@lemmy.ca
    link
    fedilink
    English
    471 month ago

    Yeah I didn’t understand passkeys. I’m like why is my browser asking to store them? What if I’m using another browser? Why is my password manager fighting with my browser on where to store this passkey?

    I felt so uneasy.

    So I decided not to use passkeys for now until I understood what’s going on.

    • @mosiacmango@lemm.ee
      link
      fedilink
      English
      20
      edit-2
      1 month ago

      Passkeys are unique cert pairs for each site. The site gets the public key, you keep the private to login under your account. The site never stores your private key.

      To store them simply, turn off your browsers password/passkey storage. Store them in your password manager along with other sites passwords.

      • @lobut@lemmy.ca
        link
        fedilink
        English
        7
        edit-2
        1 month ago

        Sounds similar to the SSL stuff, like for GitHub and stuff. I guess the preference in that case would be my password manager as it stores my password already.

        Perhaps it’s best I pay for Bitwarden premium now and use those hardware keys people are recommending.

        Also thanks!

        • @jatone@lemmy.dbzer0.com
          link
          fedilink
          English
          141 month ago

          Because its the same shit. passkeys are essentially passwordless ssh certificates. we’ve had functional MFA for ssh literally since its inception.

    • Encrypt-Keeper
      link
      fedilink
      English
      11
      edit-2
      1 month ago

      I’m like why is my browser asking to store them? What if I’m using another browser? Why is my password manager fighting with my browser on where to store this passkey?

      The answer to all of these questions is “For the exact same reason they do all these same things with passwords”

      Think of a passkey as a very, very complex password that is stored on your device (or in a password manager) that you can use to log into websites with without ever having to know what the password is, and it’s never stored on the site you’re logging into, even in a hashed format, so it literally can’t be exposed in a breach.

      It’s the exact same technology you use to connect securely to every website you visit, except used in reverse.