Passkeys ❤️
Website wants you to make a passkey, go to login but the entry form only accepts the user name, then you have to click next to password which may or may not accept the passkey.
If they aren't on a USB stick, protected against being copied, they are only a single factor that instills false safety.
Depends on the system. The thing where your password manager is managing your passkeys? That’s a single factor unless it’s doing something tricky that none of them do.
When it’s the TPM or a Bluetooth connection to your phone? That’s actually two factors, and great.
Can it be copied from your phone? (e.g. by migrating your phone via a backup)
Then it can be compromised and is essentially a single factor (because some websites permit you to login via the key only).
Only if you’d need to completely renew the key, then it’s truly secure.
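Added example, not part of any comment in this thread: a website can tell the two cases debated above apart by reading the flags byte in the WebAuthn authenticator data, which reports whether the user was verified (UV) and whether the key is allowed to leave the device (BE/BS). The policy labels in `assessAssertion` and the `makeAuthData` sample builder are assumptions made for illustration.

```javascript
// Authenticator data layout (WebAuthn): rpIdHash[32] | flags[1] | signCount[4, big-endian] | ...
const FLAG = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10 };

function parseAuthData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new RangeError("authenticator data is at least 37 bytes");
  }
  const f = bytes[32];
  const flags = {
    userPresent: (f & FLAG.UP) !== 0,    // someone confirmed on the authenticator
    userVerified: (f & FLAG.UV) !== 0,   // PIN or biometric checked by the authenticator
    backupEligible: (f & FLAG.BE) !== 0, // key may leave the device (sync, backup)
    backedUp: (f & FLAG.BS) !== 0,       // key is currently backed up
  };
  // WebAuthn tells relying parties to reject BS=1 when BE=0.
  if (flags.backedUp && !flags.backupEligible) {
    throw new Error("invalid flags: BS set without BE");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return { flags, signCount: view.getUint32(33, false) };
}

// Hypothetical relying-party policy (an assumption, not part of any standard).
function assessAssertion(bytes) {
  const { flags } = parseAuthData(bytes);
  if (!flags.userPresent) return "reject";
  if (!flags.userVerified) return "step-up"; // possession only: ask for another factor
  return flags.backupEligible ? "accept-synced" : "accept-device-bound";
}

// Constructed sample input: zeroed rpIdHash, chosen flags byte and sign counter.
function makeAuthData(flagsByte, signCount) {
  const out = new Uint8Array(37);
  out[32] = flagsByte;
  new DataView(out.buffer).setUint32(33, signCount, false);
  return out;
}

const samples = {
  "security key, PIN entered": makeAuthData(FLAG.UP | FLAG.UV, 7),
  "synced passkey, biometric": makeAuthData(FLAG.UP | FLAG.UV | FLAG.BE | FLAG.BS, 0),
  "touch only, no verification": makeAuthData(FLAG.UP, 3),
};
for (const [label, data] of Object.entries(samples)) {
  console.log(label, "->", assessAssertion(data));
}
```

A site that wants only non-copyable keys has to act on the `accept-synced` case itself, since the flags only report the state and do not enforce anything.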
Is that FIDO? What’s the difference?