
iand | 2 years ago

"To use passkeys, you just use a fingerprint, face scan or pin to unlock your device, and they are 40% faster than passwords — and rely on a type of cryptography that makes them more secure. "

Who wrote this sentence? It's just a mess.

TheRealPomax | 2 years ago

also, "ah yes, a several digit pin, famously more secure than a same-length password that adds even as little as letters".

Macha | 2 years ago

The point is more so that the pin unlocks a key on your local device and that key is much stronger than the password the typical user would select. Plus it is site specific in a way that your typical user does not do with passwords.

So it's making a system weaker against offline attacks if someone steals your hardware in exchange for making it stronger against phishing. This is probably the correct tradeoff for most people.

avianlyric | 2 years ago

A PIN associated with a specific device that has been cryptographically linked to your account. So while a seven digit PIN is easier to guess than a password, the physical device is much harder to steal over the internet. It's de facto 2FA authentication.

kube-system | 2 years ago

Yes, a several digit pin that unlocks a long private key is more secure than a shared secret with eight characters on its own.

progbits | 2 years ago

A PIN for a secure module with throttling and a max wrong-attempt count is indeed safer than a password you can brute-force offline.

wkat4242 | 2 years ago

A pin is pretty safe when it unlocks a hardware token that limits the number of attempts.

It's basically like a chip & pin bank card.
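The two properties the comments above rely on (a PIN that only unlocks a per-site key held inside an attempt-limited device, versus a password hash that can be guessed offline without limit) can be shown side by side in a small model. The code below is an added illustration, not code from the thread or from any passkey implementation: the `Authenticator` class, its lockout threshold of 8 wrong PINs, and the `example.com` / `examp1e.com` names are all constructed for the example, and HMAC stands in for the asymmetric signature a real passkey would use, so the site here stores a verification key rather than a public key.

```python
import hashlib
import hmac
import os
import secrets

MAX_WRONG_PINS = 8  # assumption: this toy authenticator wipes itself after 8 wrong PINs


class Authenticator:
    """Toy PIN-gated authenticator (constructed for illustration).

    - one independent random key per relying party (site), created at registration;
    - keys never leave the object, the PIN only unlocks their use;
    - every wrong PIN consumes an attempt and all keys are destroyed when none remain.
    """

    def __init__(self, pin: str) -> None:
        self._salt = os.urandom(16)
        self._pin_check = self._digest(pin)
        self._remaining = MAX_WRONG_PINS
        self._keys = {}  # rp_id -> 256-bit key, far stronger than any typed password
        self.wiped = False

    def _digest(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def _unlock(self, pin: str) -> None:
        if self.wiped:
            raise PermissionError("credentials destroyed after too many wrong PINs")
        if not hmac.compare_digest(self._digest(pin), self._pin_check):
            self._remaining -= 1
            if self._remaining == 0:
                self.wiped, self._keys = True, {}
            raise PermissionError(f"wrong PIN, {self._remaining} attempts left")
        self._remaining = MAX_WRONG_PINS  # a correct PIN resets the counter

    def register(self, pin: str, rp_id: str) -> bytes:
        """Create a key bound to rp_id; return the verification key the site stores."""
        self._unlock(pin)
        self._keys[rp_id] = secrets.token_bytes(32)
        return self._keys[rp_id]

    def sign(self, pin: str, rp_id: str, challenge: bytes) -> bytes:
        """Sign the site's challenge together with the site identity. The browser, not
        the page, supplies rp_id, so a look-alike domain can only ask for its own key."""
        self._unlock(pin)
        if rp_id not in self._keys:
            raise LookupError(f"no credential registered for {rp_id}")
        return hmac.new(self._keys[rp_id], signed_payload(rp_id, challenge), hashlib.sha256).digest()


def signed_payload(rp_id: str, challenge: bytes) -> bytes:
    # binding the site identity into the signed data is what makes the credential site-specific
    return hashlib.sha256(rp_id.encode()).digest() + challenge


def relying_party_verify(rp_id: str, verify_key: bytes, challenge: bytes, assertion: bytes) -> bool:
    """What the site checks: the assertion must cover *its* rp_id and *its* challenge."""
    expected = hmac.new(verify_key, signed_payload(rp_id, challenge), hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion)


def guess_pin_online(auth: Authenticator, rp_id: str, candidates) -> tuple:
    """PIN guessing against the device itself: returns (found, attempts_used) before lockout."""
    attempts = 0
    for pin in candidates:
        attempts += 1
        try:
            auth.sign(pin, rp_id, b"probe")
            return True, attempts
        except PermissionError:
            if auth.wiped:
                return False, attempts
    return False, attempts


def hash_password(password: str, salt: bytes) -> bytes:
    # a plain salted hash, the kind of thing that leaks in a database breach
    return hashlib.sha256(salt + password.encode()).digest()


def guess_password_offline(pw_hash: bytes, salt: bytes, candidates) -> tuple:
    """Dictionary check against a leaked hash: no device or server is there to count attempts."""
    attempts = 0
    for pw in candidates:
        attempts += 1
        if hash_password(pw, salt) == pw_hash:
            return True, attempts
    return False, attempts


if __name__ == "__main__":
    auth = Authenticator("4821")
    vk = auth.register("4821", "example.com")
    challenge = os.urandom(32)
    assertion = auth.sign("4821", "example.com", challenge)
    print("legit login verifies:", relying_party_verify("example.com", vk, challenge, assertion))
    try:
        auth.sign("4821", "examp1e.com", challenge)  # look-alike domain has no credential to use
    except LookupError as e:
        print("phishing domain:", e)
    all_pins = [f"{i:04d}" for i in range(10_000)]
    print("PIN guessing before wipe (found, attempts):", guess_pin_online(auth, "example.com", all_pins))
```

The model makes the trade-off Macha describes visible: the device will answer at most `MAX_WRONG_PINS` guesses before destroying its keys, while `guess_password_offline` walks through as many candidates as the attacker cares to compute. It also shows why the credential is site-specific: `relying_party_verify` rejects an assertion for any other `rp_id` or challenge, and the authenticator refuses to sign for a domain it was never registered with.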

wrs | 2 years ago

You have to possess the device and the PIN, so yes, it is quite a bit more secure.