this post was submitted on 11 Oct 2023
267 points (97.8% liked)

Passkey is some sort of specific unique key to a device, allowing you to use a PIN on a device instead of the password, but which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really insecure PINs.

[–] smileyhead@discuss.tchncs.de 26 points 2 years ago* (last edited 2 years ago) (17 children)

I have a long list of questions about PassKeys and none of these articles explains them well enough.

  1. Does Android have it built into AOSP or Google Play Services?
  2. Would it be possible to actually see your private key on Android? Like export them to a file?
  3. Do they work without a third-party service? Can it be just me and the service I am logging in to, or does it require my servers from PassKey provider (like Google, Bitwarden, 1Password) to work?
  4. Can it be used offline? For example, can an offline device create a token that a second online device could use for login? (Like TOTP codes).
  5. Do they work on Internet services other than the Web? In other words, do they work purely over HTTP and webviews, or can they in future be used to log in to, e.g., SSH servers?
[–] Tibert@jlai.lu 5 points 2 years ago (10 children)

Nothing of that?

You don't need to export or know what the key is.

The key is different for each device.

https://youtu.be/6lBixL_qpro?si=wFFQwrfjQBKDHs5B

[–] maniel@lemmy.ml 4 points 2 years ago (1 children)

I tested it on another device; it looks like it gets the passkey from the source device (not from the cloud). I had to input the original device's unlock pattern for it to work.

[–] Tibert@jlai.lu 4 points 2 years ago* (last edited 2 years ago)

And it's expected as you still had that device. And it's not the same key, a new key has been created for that new device. Now if that device cannot be accessed?
