A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
Onboarding new users securely is in the forefront of most minds in my industry because the current standard is a 12 word phrase written on paper, which most users throw in a cloud solution or screenshot.
The stakes are even higher in crypto where you’re protecting, without recourse, large sums of value. Passkeys are a critically needed solution for my industry. But they need coupled with a social or offline storage recovery mechanism.