edvorg t1_izrb5yk wrote on December 11, 2022 at 6:41 AM

I'm already using long randomly generated passwords, what would be the difference in adoption of passkey? So instead of a password, an attacker can steal your private key? I'm genuinely curious, what are the benefits

nindustries t1_izrpn2x wrote on December 11, 2022 at 9:59 AM

They cant steal your passkey and its bound to the real domain name.

edvorg t1_izrqv48 wrote on December 11, 2022 at 10:17 AM

Sorry, could you clarify this bit about a domain name? How does it work?

nicuramar t1_izrugs7 wrote on December 11, 2022 at 11:09 AM

I don’t know what he meant by that. But the passkey only works for that specific login. So in that sense it would be like having 100% unique passwords in all cases.

nindustries t1_izrxiu5 wrote on December 11, 2022 at 11:52 AM

The key that is generated for eg google.com will not be used for fakegoogle.com and there is no way for them spoof it. So your key never leaves your device and only works for the specific, valid website.