Let’s start with a smartphone. A user creates an account with a passkey for a service, that passkey gets stored on their smartphone, and they can use biometrics to sign in from then on. The private key is stored on the smartphone. Great.

But then how do you sign into that same service from a different device?

If it’s by using a password manager, some third party piece of software, How do you sign in on a device where you’re not allowed to install third party software?

  • hedgehog@ttrpg.network
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Unless you’re using a random 10+ alphanumeric passcode and are fine entering it every time you log into your phone, with a short auto-lock period, you’re much better off enabling biometrics (assuming it’s implemented competently) in combination with a longer passcode and understanding how to disable it when appropriate.

    I recently replied with this comment to a Gizmodo article recommending the same thing you did for similar reasons, if you’d like to better understand my rationale: https://ttrpg.network/comment/6620188

    • Everythingispenguins@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Read your other comment and I don’t disagree. There are two things that I feel could though have a hiccup. First there is a real possibility that you will not be able to lock your phones. I have never set up face ID on any android I have had, but I don’t see any reference to an auto time out on Android on my phone or any of the setup walkthroughs online. Every manufacturer uses a slightly different build of android so it is hard to say that not Androids has it.

      Second it you have a ten digit password as a backup but use face id often the you could forget it. Which would lead many people to use an easy to guess password. Defeating much of the security with a long password has.