"The first of these entities is the authenticator -- not Google's Authenticator or Microsoft's Authenticator, necessarily; rather, it's usually an integral component of your password manager. In fact, given the degree to which authenticators are typically built into password managers, the phrase "authenticator" is often omitted from discussions about credential management. However, since authenticators can also exist as stand-alone components (separate from any password management capabilities), it's helpful to consider their unique role as independent actors in any passkey workflow."
"Each time you register or use a passkey, you're typically encountering four quasi-independent entities that, with the help of some relatively new standards, are integrated with one another to produce an end-to-end passkey user experience. What is a passkey authenticator? The first of these entities is the authenticator -- not Google's Authenticator or Microsoft's Authenticator, necessarily; rather, it's usually an integral component of your password manager."
Passkeys are positioning to replace most traditional passwords by providing significantly more secure login credentials. Passkey workflows involve four quasi-independent entities: the authenticator, the website or app (the relying party), the operating system, and the web browser. Standards integrate these entities to produce an end-to-end passkey user experience. The authenticator often lives inside password managers, causing the term to be omitted from many credential-management conversations. Authenticators can also be standalone devices or components distinct from password managers. The authenticator's behavior and integration are both confusing for users and strategically important when preparing for passkey adoption.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]