• skillful_garbage@beehaw.org
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    Passkeys are asymmetric, meaning that the server only ever sees your public key. If the server gets breached, then only your public key is leaked, which isn’t a big deal. Functionally, it’s almost identical to SSH keys.

    • lud@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Since you should use a password manager anyways, it wouldn’t make a difference if they get a randomised password or public key.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        If they get your password they can impersonate you to the server. They can’t do that with just the public key part of your passkey.

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          2
          arrow-down
          3
          ·
          1 year ago

          That’s true.

          Ideally my password should be hashed and salted anyways, so that shouldn’t make a huge difference.