Saturday, November 29, 2025

Passwords vs Passkeys

For years we've been using passwords, and sites have kept making us make them more complicated:

  • password
  • password at least eight characters plus a special character
  • password at least eight characters, one capital letter, one number, one special character.

I had a site recently require a 16-character password that contained no actual words, plus special characters.

More recently we've been seeing passkeys being suggested or required. 

What the hell are they???

A passkey consists of two parts: a public key and a private key. The public key is stored on the site. The private key is stored on your computer. But actually, it's a bit more complex than that. Here is one pattern:
  • You go to the site and enter your email address
  • The site looks up your public key based on the email address
  • It then requests your private key
  • If the private key matches what should be entered based on the public key, you have access.

This is said to be more secure because, if the site is hacked, only the public key can be stolen.

I'm not convinced it's more secure. If the site is hacked, does the hacker have the public key AND the email address? If so, then I submit it's not more secure.
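
The login pattern above, as an added example that is not from the original post: in the WebAuthn standard behind passkeys, the site sends a random challenge and the device returns a signature over it, so the private key is never transmitted. This Node.js sketch uses hypothetical function names and signs only the challenge (real WebAuthn also signs the site origin and authenticator data); it shows what happens to a login attempt made with only the stored email address and public key.

```javascript
// Added example: simplified passkey-style login. Function names are hypothetical.
const crypto = require('node:crypto');

// Registration: the device makes a key pair; only the public key goes to the site.
function registerPasskey(siteDb, email) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  siteDb.set(email, { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) });
  return privateKey; // kept on the user's device
}

// Site: look up the account by email and issue a fresh random challenge.
function startLogin(siteDb, email) {
  const account = siteDb.get(email);
  if (!account) return null;
  account.challenge = crypto.randomBytes(32);
  return account.challenge;
}

// Device: prove possession of the private key by signing the challenge.
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}

// Site: verify against the stored public key; each challenge is single-use.
function finishLogin(siteDb, email, signature) {
  const account = siteDb.get(email);
  if (!account || !account.challenge) return false;
  const challenge = account.challenge;
  account.challenge = null;
  return crypto.verify('sha256', challenge, account.publicKey, signature);
}

// Constructed scenario: one real login, then two attempts without the device key.
function demo() {
  const siteDb = new Map();
  const email = 'user@example.test'; // constructed sample address
  const deviceKey = registerPasskey(siteDb, email);
  const firstSig = signChallenge(deviceKey, startLogin(siteDb, email));
  const legitimate = finishLogin(siteDb, email, firstSig);
  // A copy of siteDb holds only email + public key, so a signature must come from another key.
  const otherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }).privateKey;
  const wrongKey = finishLogin(siteDb, email, signChallenge(otherKey, startLogin(siteDb, email)));
  // Reusing the earlier valid signature fails because the challenge has changed.
  startLogin(siteDb, email);
  const replayed = finishLogin(siteDb, email, firstSig);
  return { legitimate, wrongKey, replayed };
}
```

Calling `demo()` returns `legitimate: true` with `wrongKey` and `replayed` both `false`: the stored public key can check a signature but cannot produce one.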
