undefined | Better HN

0 pointskqr10mo ago0 comments

Passkeys are still a shared secret, aren't they? Asymmetric cryptography would have been amazing. Barring that I would actually recommend Oauth or something like it, to limit the number of parties who manage shared secrets to a smaller set of actors who have more experience doing so.

0 comments

2 comments · 2 top-level

kro10mo ago

They are in fact public/private keys and use signing a challenge for authentication.

1 more reply

growse10mo ago

No, they're just resident webauthn credentials which use asymmetric crypto.

j / k navigate · click thread line to collapse