On this episode of The Vergecast, we figure out passkeys once and for all.

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • DoubletwistEnglish
    195 months ago

    So it sounds like basically it’s just client certificates?

    • @Spotlight7573@lemmy.worldEnglish
      145 months ago

      Basically, but with a separate public/private key pair per login so they aren’t able to link your identity between sites or accounts with it and also synced or stored in a password manager so you don’t lose them.

    • @IHawkMike@lemmy.worldEnglish
      55 months ago

      Yep! In fact you can still use client certificates in certain passkey/WebAuthN authentication flows. It’s more or less how Windows Hello for Business works (although X.509 certificates are only one type of key it supports).