The basic idea behind passkeys is straightforward enough: a user creates a private/public key pair for a single website and provides the public key to the site.
My experience reinforces my belief that a systems view of security is necessary and user interactions with the system must be carefully thought through.
If we could convince the world to use passkeys instead of passwords, we would all be much better off; phishing in particular should take a big hit.
The user's private key never leaves their device, which makes it much harder for a phishing attack to succeed because there is no longer any need to share a password.
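
The flow described above, sketched as an added example (not code from the original page): a simplified Node.js model of passkey registration and sign-in, showing why a look-alike site gets nothing it can use. It is not the WebAuthn wire format; the class names, the example origins and the `origin|challenge` message layout are assumptions made for illustration.

```javascript
// Added example; names, origins and the "origin|challenge" layout are assumptions.
const nodeCrypto = require('node:crypto');

// Authenticator: one key pair per origin; private keys stay inside this object.
class Authenticator {
  #keys = new Map(); // origin -> private KeyObject
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is shared
  }
  // Signs the challenge bound to the origin the browser actually loaded.
  sign(origin, challenge) {
    const key = this.#keys.get(origin);
    if (!key) return null; // no passkey for this origin, nothing to give away
    return nodeCrypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), key);
  }
}

// Site: stores only the public key and issues single-use challenges.
class Site {
  #pending = new Set();
  constructor(origin) { this.origin = origin; this.publicKeyPem = null; }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32).toString('hex');
    this.#pending.add(c);
    return c;
  }
  verify(challenge, signature) {
    // Reject a missing signature and any unknown or already-used challenge.
    if (!signature || !this.#pending.delete(challenge)) return false;
    const data = Buffer.from(`${this.origin}|${challenge}`);
    return nodeCrypto.verify('sha256', data, this.publicKeyPem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const site = new Site('https://bank.example'); // constructed origin
  const fake = 'https://bank-login.example';     // constructed look-alike origin
  site.publicKeyPem = device.register(site.origin);
  const c1 = site.newChallenge();
  const sig = device.sign(site.origin, c1);
  const legit = site.verify(c1, sig);   // right key, right origin, fresh challenge
  const replay = site.verify(c1, sig);  // same challenge again: already consumed
  const refused = device.sign(fake, site.newChallenge()) === null; // no key for fake
  device.register(fake); // even if the user enrolls at the look-alike: separate key
  const c3 = site.newChallenge();
  const relayed = site.verify(c3, device.sign(fake, c3)); // wrong key and origin
  return { legit, replay, refused, relayed };
}
```

`demo()` reports a successful sign-in at the real origin, a rejected replay, an authenticator that has nothing to sign with at the look-alike origin, and a rejected relay even after the user enrolls there.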