• takeda@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    I kind of don’t like to store my fingerprints with Google. Even FBI collects them when you are indicted.

    What about allowing us to log in to services via asymmetric keys?

    • Greensauce@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      You don’t have to store them with Google. Passkeys are supported in both iOS and Android natively. Within the last few months both Bitwarden and 1Password support storing passkeys as well.

    • Trivial@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      It is just an asymmetric key. Phones try to store them securely but you could use an app to just generate them and store your key wherever.

    • valpackett
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Note that you pretty much can’t store them with Google or Apple; smartphone biometric sensors operate the on-device HSM, not something remote.

      • takeda@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        So, how does it work when you are accessing account from a different device? How the other device knows your fingerprint?

        • valpackett
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          It does not. The fingerprint always only unlocks the device’s HSM (“secure enclave” in Apple speak).

          Between your devices enrolled in the ecosystem, private keys are synced securely (AFAIK, they make it so that an existing device’s HSM encrypts keys using the pubkey of the new one’s HSM); for signing up using your device on someone else’s computer there’s a process that combines QR codes with Bluetooth communication.