A passkey is a key pair where you keep the private key and give the public one to the service. Then you can log in by proving you have the private key. Fairly simple in theory. Horribly complex in practice.
There’s a few differences. One is the length. Another is the randomness. The biggest, though, is that in a passkey, the server is verified as well. That means phishing is nearly impossible.
A passkey is a key pair where you keep the private key and give the public one to the service. Then you can log in by proving you have the private key. Fairly simple in theory. Horribly complex in practice.
Doesn’t a normal modern password, hashed, essentielly do the same thing?
No sane service has your actual password.
There’s a few differences. One is the length. Another is the randomness. The biggest, though, is that in a passkey, the server is verified as well. That means phishing is nearly impossible.