So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn’t mention SIM-swap attacks, which are unavoidable. It can’t be that difficult to support an authenticator app.
#Cybersecurity
I understand SSH keys with passwords, but I don’t understand passkeys yet because most of what I’ve read has been layman explanations of them.
Since you made the comparison, could you explain what passkeys actually are, or point me to a decent source that’ll explain it not like I’m 5? Lol
SSH keys are a public and private keys that you can use to sign and verify messages back and forth. passkeys are literally the same thing. the only difference is passkeys are unique per site and you store them in an encrypted file that you only need a single password to access vs an ssh key the passwords are per key pair.
essentially the passkey is used to sign a bit of metadata and then the service verifies that metadata matches the user via the public key on file in their system. but otherwise they’re functionally the same thing as ssh keys.