obpe | 2 years ago

The key isn't fetched and never leaves the enclave. The enclave does the crypto functions.

Passkeys are meant to replace passwords for the average user. And they definitely succeed at that.


ChuckMcM|2 years ago

So in order to access a service your access device has to have a secure enclave that can enact this crypto?

justinludwig|2 years ago

Or you can use an external hardware security key; the latest versions of most security keys (like YubiKey 5, Nitrokey 3, etc.) support Passkeys. Passkeys are basically just U2F 2.0, allowing you to use an asymmetric key pair as the first factor instead of the second.
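
Added example, not part of the thread or any commenter's code: a simplified sketch of the challenge-response login the comments above describe, where the private key stays inside the authenticator and the service stores only the public key. The function names, the `example.test` origin and the trimmed-down `authenticatorData` layout are assumptions for illustration; a real deployment uses the browser's WebAuthn API and a maintained server library.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Stand-in for a secure enclave or security key (hypothetical helper):
// the private key exists only inside this closure and is never returned.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only key material the service ever receives
    sign(rpId, clientDataJSON) {
      // Simplified authenticatorData: SHA-256(rpId) || flags (UP|UV) || signCount
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { authData, clientDataJSON, signature: crypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Service-side checks: fresh challenge, expected origin, expected rpId, valid signature.
function verifyAssertion(publicKey, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON);
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expected.challenge) return false; // blocks replay
  if (clientData.origin !== expected.origin) return false;       // blocks look-alike sites
  if (!assertion.authData.subarray(0, 32).equals(sha256(expected.rpId))) return false;
  if ((assertion.authData[32] & 0x01) === 0) return false;       // user-presence flag
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, assertion.signature);
}

// One login round trip. pageOrigin is the site the user is actually on;
// it differs from origin only when the page is not the real service.
function login(authenticator, storedPublicKey, rpId, origin, pageOrigin = origin) {
  const challenge = crypto.randomBytes(32).toString('base64url'); // new for every login
  const clientDataJSON = JSON.stringify({ type: 'webauthn.get', challenge, origin: pageOrigin });
  const assertion = authenticator.sign(new URL(pageOrigin).hostname, clientDataJSON);
  return verifyAssertion(storedPublicKey, { challenge, origin, rpId }, assertion);
}

// Constructed demo values: example.test is a placeholder service.
const demoKey = createAuthenticator();
console.log(login(demoKey, demoKey.publicKey, 'example.test', 'https://example.test'));
```

Because the signed data binds the challenge and the origin, a signature captured on one page or in one session fails verification anywhere else, and the service's stored public key is useless for logging in.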

tony-allan|2 years ago

Most modern devices do contain a hardware-based Secure Enclave.

Because the technology is newish I would do some research before using it for anything really important.

richardjam73|2 years ago

What if you use multiple different devices? How can they share the key?

echeese|2 years ago

You can add passkeys for each device (e.g. Windows Hello) or use cloud-synced keys (iCloud, Google, 1Password, probably more).