• m-p{3}A
    1 year ago

    If you’re using a hardware token like a YubiKey then you do need to enter your PIN before being able to use it.

    The main benefit is that you cannot extract the Passkey from the secure element (the token cannot be transformed from what you have to what you know) and it cannot be phished through a fake domain as the challenge-response will not match.

    • jet@hackertalks.com
      1 year ago

      I like the YubiKey Bio series so you use a fingerprint on the key itself. FIDO2 only right now.
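The origin binding and PIN/fingerprint check discussed in this thread, as an added example that is not part of any comment: a toy relying-party verifier showing why an assertion produced on a lookalike domain is rejected. The domain names are constructed, and HMAC stands in for the token's ECDSA signature so the block runs on the standard library alone.

```python
import base64, hashlib, hmac, json, os
RP_ID, ORIGIN = "login.example", "https://login.example"   # constructed values

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(key, auth_data, client_data):
    # WebAuthn signs authenticatorData || SHA-256(clientDataJSON).
    # HMAC stands in for the token's ECDSA signature (assumption, stdlib only).
    msg = auth_data + hashlib.sha256(client_data).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()

def browser_client_data(origin, challenge):
    # The browser, not the page, writes the origin it actually loaded.
    return json.dumps({"type": "webauthn.get", "origin": origin,
                       "challenge": b64url(challenge)}).encode()

def token_assert(key, rp_id, client_data, flags=0x05):
    # authenticatorData = rpIdHash(32) | flags(1) | signCount(4); 0x05 = UP|UV.
    # A real token keeps one key per RP ID; the toy reuses one key on purpose.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return auth_data, sign(key, auth_data, client_data)

def rp_verify(key, challenge, client_data, auth_data, sig):
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != b64url(challenge):
        return "bad type or challenge"
    if cd.get("origin") != ORIGIN:
        return "origin mismatch"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x04:             # UV bit: PIN or fingerprint was checked
        return "user not verified"
    if not hmac.compare_digest(sig, sign(key, auth_data, client_data)):
        return "bad signature"
    return "ok"

def demo():
    key, challenge = os.urandom(32), os.urandom(32)
    good = browser_client_data(ORIGIN, challenge)
    legit = rp_verify(key, challenge, good, *token_assert(key, RP_ID, good))
    # Lookalike page relays the real challenge; the browser records its own origin.
    fake = browser_client_data("https://login-example.test", challenge)
    fake_ad, fake_sig = token_assert(key, "login-example.test", fake)
    relayed = rp_verify(key, challenge, fake, fake_ad, fake_sig)
    # Rewriting origin and rpIdHash after signing invalidates the signature.
    fixed_ad = hashlib.sha256(RP_ID.encode()).digest() + fake_ad[32:]
    rewritten = rp_verify(key, challenge, good, fixed_ad, fake_sig)
    return legit, relayed, rewritten
```

`demo()` returns the verdict for the legitimate login, the relayed lookalike login, and the rewritten assertion, in that order.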