Nostr Web Client

Anyone know much about "passkey" security feature? Seems exchanges are moving to require this additional security. Gather sms or authentication tools will no longer be sufficient.

Appear to be 3 options, fingerprint scan with devices that enable that, some sort of keychain thing, and devices like yubikey.

Not 100% sure on all this, but best I could gather from what I was told.

#asknostr

JM 7mo ago

FIDO2 features are great

Using at apple, github etc..

attack surface become smaller

Reply to this note

Please Login to reply.

Discussion

YODL 7mo ago

Ok, you seem to know about these. I don't understand how scanning something into an additional cloud keychain is more secure than standard Authenticator apps, but don't expect you to explain that.

What I am curious about is if in any way sneaks in additional kyc of some sort. Fingerprint seems like obvious yes, and less clear on option 2 (cloud keychain).

JM 7mo ago

Passkeys are physical keys on online services. It’s not enough secure if stored on cloud.

There’s no additional KYC, but they are trying to shift the responsibility to the customer.

Cuz if keys are valid, they can blame and nothing to do with their fault.

YODL 7mo ago

Ah ok, kinda makes sense. Thanks!