“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

    • xor
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      …except the ones that can’t

      I think it depends on whether you have a TPM chip in it

      • EngineerGaming@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 month ago

        What are you talking about? KeepassXC, to my knowledge, is not dependent on any TPM, snd it does support passkeys.

        • xor
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 month ago

          devices themselves can act as passkeys

          I didn’t say a device needs a TPM to support passkeys - I said I believe it it needs one to be a passkey

          Thank you for your passive aggressive response caused by poor reading comprehension, though

          • EngineerGaming@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            From what I understand, “passkey” refers to software, so no such thing as “device being a passkey”. Unlike a hardware key.

            • xor
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 month ago

              You understand incorrectly. “passkey” refers to a token used for the public key authentication that is used for sign in, which needs to be stored somewhere - this can be stored in a hardware key like a YubiKey, or in your device’s credentials manager. In principle, this could be anywhere, but it needs to be somewhere secure to not be trivial to compromise (eg taking out your HDD and just copying your passkey off it)

              In Windows’ case, this secure credentials store is the TPM chip, which is why you are not able to use passkeys on Windows devices that have no TPM chip (unless you use another hardware implementation).

              Tldr: passkeys are data, not software, and to store the data, you need some form of hardware, which needs to be secure to not be a really bad idea.

              If you’d like to do some reading before confidently correcting me further, I’d suggest reading about how passkeys work.

              • EngineerGaming@feddit.nl
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 month ago

                That is exactly what I said though - passkeys are software. They’re not confined to hardware modules, so there’s no such thing as “device being a passkey”.