• jet@hackertalks.com
      1 year ago

      I prefer the YubiKey WebAuthn FIDO2 non-passkey approach. It’s not limited to 25 slots. And if your key gets compromised, or you’re forced to unlock it, there isn’t a list of sites that it works on.

      With passkeys, if somebody compromises you, physically, they can see everything you can log into. That makes me feel icky.

      • tippl@lemmy.world
        1 year ago

        if somebody compromises you, physically, they can see everything you can log into

        Can they though? I own a few YubiKeys with passkeys stored inside and I cannot query stored logins without entering a PIN.

        • jet@hackertalks.com
          1 year ago

          Right, so they coerce you to unlock the YubiKey (threats, torture, finger removal, etc.) and now they see all your passkeys and what they belong to. It’s a menu of your activity.