this post was submitted on 20 Dec 2024
94 points (100.0% liked)
Cybersecurity
9 readers
52 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Rules
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
because its also the most convenient and people are stupid and incapable of handling authenticator apps. plus auth apps are a maintenance burden between phone switching. overall 2fa was a poorly thought out concept to begin with from a end user perspective.
honestly the whole concept of modern 2FA is removed when you can essentially get the same thing from ssh keys with passwords. (๐ @ passkeys which as basically that renamed)
I understand SSH keys with passwords, but I don't understand passkeys yet because most of what I've read has been layman explanations of them.
Since you made the comparison, could you explain what passkeys actually are, or point me to a decent source that'll explain it not like I'm 5? Lol
SSH keys are a public and private keys that you can use to sign and verify messages back and forth. passkeys are literally the same thing. the only difference is passkeys are unique per site and you store them in an encrypted file that you only need a single password to access vs an ssh key the passwords are per key pair.
essentially the passkey is used to sign a bit of metadata and then the service verifies that metadata matches the user via the public key on file in their system. but otherwise they're functionally the same thing as ssh keys.