Yes, kind of. You’re still giving them your password every time you log in. And it’s on them whether they store it hashed or in plain text. With a passkey, you know that even if they’re hacked, they’ll never get your actual private key.
But, if they’re hacked, your key is probably the least of your concerns.
There’s a few differences. One is the length. Another is the randomness. The biggest, though, is that in a passkey, the server is verified as well. That means phishing is nearly impossible.
Doesn’t a normal modern password, hashed, essentielly do the same thing?
No sane service has your actual password.
Yes, kind of. You’re still giving them your password every time you log in. And it’s on them whether they store it hashed or in plain text. With a passkey, you know that even if they’re hacked, they’ll never get your actual private key.
But, if they’re hacked, your key is probably the least of your concerns.
There’s a few differences. One is the length. Another is the randomness. The biggest, though, is that in a passkey, the server is verified as well. That means phishing is nearly impossible.