With passkeys, my general understanding is that they're generally baked into a device, most commonly this is looking like it will be our phones.
Should a phone be stolen with all our passkeys on it, what's to prevent them from being misused? With the push for convenience, I worry that if a phone is stolen, passkeys are on it, an attacker just has to visit the page and they can then simply use the passkey and authenticate as me. What protections surround passkeys or prevent misuse should the device they're bound to be stolen? Or is it largely dependent upon whatever service is used to store the passkeys (iCloud, Android, password manager a la Bitwarden or Dasblane)?
RockBrackenshield27 karma
With passkeys, my general understanding is that they're generally baked into a device, most commonly this is looking like it will be our phones.
Should a phone be stolen with all our passkeys on it, what's to prevent them from being misused? With the push for convenience, I worry that if a phone is stolen, passkeys are on it, an attacker just has to visit the page and they can then simply use the passkey and authenticate as me. What protections surround passkeys or prevent misuse should the device they're bound to be stolen? Or is it largely dependent upon whatever service is used to store the passkeys (iCloud, Android, password manager a la Bitwarden or Dasblane)?
View HistoryShare Link