Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security.
– https://developer.apple.com/passkeys/
Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.
Passkey is resistant to these attacks, but user adoption is not widespread enough for Discord to be able to mandate it.
Wtf, if it’s such a huge security bonus, why wait for user adoption, especially if token stealing is an issue?
Change is hard. It has been a long road to get where we are today: major OS and Browser vendor support. Users now need to change their behavior.
What is wrong with good ol’ TOTP & FIDO2?
Passkey is FIDO2.
Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.
you can still use a yubikey or even a password manager like keepassxc with passkeys, no need for any google/apple or even secure enclave.