Do I as an end user need to care though? Is my mental model adequate for my mostly corporate IT usage?
Kingsley Joseph

On Mon, 4 Aug 2025 at 10:54 AM, Udhay Shankar N via Silklist <[email protected]> wrote:

> On Mon, Aug 4, 2025 at 9:42 AM Kingsley Jegan Joseph via Silklist <[email protected]> wrote:
>
>> I haven't really followed infosec in a long time, and when I'm wearing my
>> end user hat, passkeys just seem to translate to biometrics. I realize this
>> is probably a reductive abstraction, but does an end user really benefit
>> from a deeper understanding? As long as this abstraction isn't totally
>> delulo I can live with it.
>
> This is actually my biggest problem with the communication around
> passkeys.
>
> - A passkey is basically a public/private key pair, with one part
>   (public) being on the server you want to access, and the other part
>   (private) being on your phone/device
> - Biometrics in this case is the PIN/Fingerprint/faceID that you use
>   to unlock your phone or other device, which then lets you access the
>   private key, which then lets you access the site
> - The biometric itself is not the credential, it lets you access
>   the credential that is stored on your device. So you'd need physical access
>   to the device, as well as the biometric in order to access the actual
>   device
>
> --
> Silklist mailing list
> [email protected]
> https://mailman.panix.com/listinfo.cgi/silklist
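The model described in the quoted reply (public key on the server, private key on the device, PIN or biometric only unlocking the key locally), as an added example that is not part of the original thread. It is a simplified sketch, not the WebAuthn wire format; the `Device` and `Server` classes, the user name and the PIN are constructed for illustration, and it goes slightly beyond the text by adding a single-use server challenge.

```javascript
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Device side (hypothetical model): the private key never leaves this object.
class Device {
  #privateKey; #unlockHash;
  constructor(unlockSecret) {
    const pair = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.#privateKey = pair.privateKey;
    this.#unlockHash = sha256(unlockSecret); // stands in for the PIN/fingerprint check
    this.publicKeyPem = pair.publicKey.export({ type: "spki", format: "pem" });
  }
  // The unlock attempt is checked locally; it only gates use of the key.
  sign(challenge, unlockAttempt) {
    if (!crypto.timingSafeEqual(sha256(unlockAttempt), this.#unlockHash)) return null;
    return crypto.sign("sha256", challenge, this.#privateKey);
  }
}

// Server side: stores the public key only, verifies signatures over fresh challenges.
class Server {
  #keys = new Map(); #pending = new Map();
  register(user, publicKeyPem) { this.#keys.set(user, publicKeyPem); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);
    this.#pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const challenge = this.#pending.get(user);
    this.#pending.delete(user); // each challenge is single-use
    const pem = this.#keys.get(user);
    if (!challenge || !pem || !signature) return false;
    return crypto.verify("sha256", challenge, pem, signature);
  }
}

function demo() {
  const phone = new Device("4821");      // constructed sample PIN
  const otherPhone = new Device("4821"); // same PIN, different device and key
  const server = new Server();
  server.register("alice", phone.publicKeyPem);
  const login = (dev, pin) => server.verify("alice", dev.sign(server.newChallenge("alice"), pin));
  const sig1 = phone.sign(server.newChallenge("alice"), "4821");
  return {
    rightDeviceRightPin: server.verify("alice", sig1),
    rightDeviceWrongPin: login(phone, "0000"),
    wrongDeviceRightPin: login(otherPhone, "4821"),
    replayedSignature: (server.newChallenge("alice"), server.verify("alice", sig1)),
  };
}
```

Only the first case in `demo()` succeeds: the server never sees the PIN, and knowing the PIN without the enrolled device's key produces a signature the server rejects.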
