Technology

60694 readers

3984 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

879

Stop Treating Phone Numbers As A Digital ID (notthesolution.substack.com)

submitted 2 days ago by formerlytomato@lemmy.sdf.org to c/technology@lemmy.world

168 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] lmmarsano@lemmynsfw.com 2 points 22 hours ago

Passkeys or WebAuthn are an open web standard, and the implementation is flexible. An authenticator can be implemented in software, with a hardware system integrated into the client device, or off-device.

Exportability/portability of the passkey is up to the authenticator. Bitwarden already exports them, and other authenticators likely do, too.

WebAuthn relying parties (ie, web applications) make trust decisions by specifying characteristics of eligible authenticators & authentication responses & by checking data reported in the responses. Those decisions are left to the relying party's discretion. I could imagine locked-down workplace environments allowing only company-approved configurations connect to internal systems.

WebAuthn has no bearing on whether an app runs on a custom platform: that's entirely on the developer & platform capabilities to reveal customization.