hex-m | 2 years ago

The term is often used without a clear definition. As a passkey should be used instead of a password, it means that you need "user verification" (PIN or biometrics) to protect the access when the device is lost.

The other thing is that it is more convenient to have "discoverable credentials" (a.k.a. "resident keys") so the browser can check if there are passkeys stored on your FIDO2 authenticator for a specific website (instead of asking for a username first).

Syncing is optional, but if your passkey is not synced, it is usually called a "device-bound passkey" (e.g. Windows Hello).

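The three properties named in the comment above can be checked by a relying party from what a WebAuthn ceremony returns. The following is an added example, not part of the original comment: it reads the flags byte of the authenticator data plus the `credProps` extension result. The function names `classifyCredential` and `sampleAuthData` are hypothetical, and the sample bytes are constructed.

```javascript
// Authenticator data layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified (PIN or biometrics)
const FLAG_BE = 0x08; // backup eligible: the credential is allowed to sync
const FLAG_BS = 0x10; // backup state: the credential is currently backed up

// authData: Uint8Array holding the raw authenticator data.
// credPropsRk: clientExtensionResults.credProps.rk (true, false, or undefined
// when the client did not report it).
function classifyCredential(authData, credPropsRk) {
  if (authData.length < 37) {
    throw new RangeError("authenticator data shorter than 37 bytes");
  }
  const flags = authData[32];
  const be = (flags & FLAG_BE) !== 0;
  const bs = (flags & FLAG_BS) !== 0;
  // WebAuthn verification rejects "backed up" on a credential that is not backup eligible.
  if (bs && !be) {
    throw new Error("invalid flags: BS set without BE");
  }
  let discoverable = "unknown";
  if (credPropsRk === true) discoverable = "yes";
  else if (credPropsRk === false) discoverable = "no";
  return {
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    discoverable,
    binding: !be ? "device-bound" : bs ? "synced" : "sync-eligible, not backed up",
  };
}

// Constructed sample: zeroed rpIdHash and signCount, only the flags byte is set.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  return buf;
}

// Constructed cases: a device-bound credential with UV, and a synced one with UV.
console.log(classifyCredential(sampleAuthData(FLAG_UP | FLAG_UV), true));
console.log(classifyCredential(sampleAuthData(FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS), true));
```

The flags alone do not reveal whether a credential is discoverable, which is why the `credProps` result is passed in separately and may be "unknown".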