• jet@hackertalks.com
    1 year ago

    I prefer the YubiKey WebAuthn FIDO2 non-passkey approach. It’s not limited to 25 slots. And if your key gets compromised, or you’re forced to unlock it, there isn’t a list of sites that it works on.

    With passkeys, if somebody compromises you, physically, they can see everything you can log into. That makes me feel icky.

    • Bitrot@lemmy.sdf.org
      1 year ago

      There are definitely pluses and minuses. It will lock you out after 8 incorrect PINs, so if it came down to it, you could probably force it to lock pretty quickly.

    • tippl@lemmy.world
      1 year ago

      > if somebody compromises you, physically, they can see everything you can log into

      Can they though? I own a few YubiKeys with passkeys stored inside and I cannot query stored logins without entering a PIN.