Avatar
Melvin Carvalho 1y ago

What’s a Passkey? It’s a secure alternative to passwords, using public-key cryptography (FIDO2/WebAuthn). Your device generates a private key (stored securely), and the service gets a public key. For login, you just sign a challenge—no passwords! Nostr keypairs can be used too 🔑 #Privacy #Nostr #WebAuthn

Reply to this note

Please Login to reply.

Discussion

Avatar
⚡️ᗪㄖ匚⚡️ 1y ago

What are the differences/benefits over signing extensions like Nos2X?

Avatar
Melvin Carvalho 1y ago

Still learning but you can use, for example a fingerprint, or a hardware device

Avatar
⚡️ᗪㄖ匚⚡️ 1y ago

Sweet… that’s interesting, I will be following you on this 🤙

Avatar
mbarulli 1y ago

Isn't that the case though that most services still require you to pick a password during the signup process?

Afterward you can set up a passkey, but ultimately, you have to keep those passwords somewhere in case you move to a new device. Right?

Avatar
Melvin Carvalho 1y ago

I'm still learning, but I believe there is a passwordless mode. But I think you are right for many providers.

Avatar
brugeman 1y ago

Nostr keypairs can be used too - how?

Avatar
Melvin Carvalho 1y ago

passkey, you send in a userHandle, string, anything which is associated by the passkey storage with the passkey id

so in sys you just need to store the passkey id against the user id

you dont need to send userhandle though, can be private, cleaner if you jist assoc in data yourself passkey to nostr id

Avatar
brugeman 1y ago

What I am asking is where does the nsec fit into the picture? Just using npub as user handle?