83
Passkeys are generally available on GitHub
(github.blog)
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities !webdev@programming.dev
You can still keep password + 2FA on GitHub and Google Suite (probably anything else that's currently implementing them), it's just a convenience/anti-phishing feature right now.
The passkey is synced between devices if it's kept in a password manager, I haven't looked at the mechanism that Apple uses to sync it/use it if you store it in the system keychain. I guess you could also have multiple passkeys configured for a few devices.
IIUC Apple syncs them using the most secure way they can, i.e. when you enroll a new device to your account the existing device, the existing device's HSM encrypts keys using the pubkey of the new one's HSM; and for recovery from being left with 0 Apple devices there might be (?) an escrow option that's optional (?)
Cool. I should check it out. I tend to assume that when Apple (or Google) rolled this out that it’s not broken in any obvious way that I would recognize right away.
But like contactless payments, which I’ve advocated my friends and family switch to, I should read up on why it’s more secure.