top | item 33941059

(no title)

kjetil | 3 years ago

The article does not mention passkeys, but they seem destined to be almost all of WebAuthn usage in the future, now that both Apple and Google support them. External FIDO keys will probably remain a niche solution for those with special security needs. But where does that leave the platform authenticator approach? It’s great that you can store the key on-device, but is it really worth it ti not use passkeys instead?

discuss

pabs3|3 years ago

Passkeys will probably be stored in the ways this article advocates for, except there will be some way to securely sync them between devices without allowing them to be copied to unauthorised devices even if the OS is compromised.