• phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    If a password manager stores passkeys, how is that much different than just using a password manager with passwords?

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      2 months ago

      Storing passwords in a password manager is storing a shared secret where you can only control the security on your end and thus is still vulnerable to theft in a breach, negligence on the part of the party you’ve shared it with, phishing, man in the middle potentially, etc.

      Storing a passkey in a password manager on the other hand is storing an unshared secret that nobody but you has access to, doesn’t leave your device during use, is highly phishing resistant, can’t be mishandled by the sites you use it to connect to etc.

      • smitty825@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Can you elaborate a bit more? If I create a passkey on https://passkeys.io on my Mac, then store the passkey in a password manager like Bitwarden, I can log into that site on my phone. I was kinda under the impression that Bitwarden stored the private key on their servers, so if their site gets hacked, then the attacker has access to my passkey.io account?

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Bitwarden stores your passkeys on your local device. It can sync the passkey between devices but that’s end to end encrypted, bitwarden never has access to any of your passkeys or even your passwords.