• halfempty@kbin.social
    1 year ago

    It seems that Passkeys generally require a biometric scan of some kind. I would prefer a level of privacy where I am not providing images of my face or fingerprints to unknown agencies on the cloud.

    • seang96@spgrn.com
      1 year ago

      Generally it should be stored in the security chip on the device so no one has access to it.

    • shortwavesurfer
      1 year ago

      The biometrics are on device just like your fingerprint scans stay on device to use your reader.

      • halfempty@kbin.social
        1 year ago

        I could not find confirmation that biometrics are only stored on the device. In fact, I did see that iOS does at least part of the biometrics in its iCloud keychain.

        • henfredemars@infosec.pub
          1 year ago

          It’s way stronger than that. Android does not have access to your fingerprint data by design.

          Here’s documentation that describes the storage architecture which prevents Android from seeing your fingerprint data.

        • shortwavesurfer
          1 year ago

          There’s a chance I’m thinking of third-party password managers like KeePass or 1Password.

        • shortwavesurfer
          1 year ago

          Maybe I am not quite understanding how this is going to work, but from what I understand, third-party password managers can integrate into this, and they would not require the biometrics to leave the device.
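
Added example, not part of the thread or any commenter's post: passkeys are WebAuthn credentials, and what a website receives about the unlock step is a single "user verified" bit inside the signed authenticator data, never the fingerprint or face data. The sketch below decodes the fixed 37-byte header defined by the WebAuthn specification; the function names, the policy helper and the sample bytes are constructed for illustration.

```javascript
// Fixed header of WebAuthn authenticatorData:
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new RangeError("authenticatorData must be at least 37 bytes");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = view.getUint8(32);
  return {
    rpIdHash: Array.from(bytes.subarray(0, 32), (b) =>
      b.toString(16).padStart(2, "0")).join(""),
    userPresent: (flags & FLAGS.UP) !== 0,   // a touch or similar gesture happened
    userVerified: (flags & FLAGS.UV) !== 0,  // PIN or biometric succeeded locally
    backupEligible: (flags & FLAGS.BE) !== 0,
    backedUp: (flags & FLAGS.BS) !== 0,      // credential is synced (e.g. a passkey)
    hasAttestedCredential: (flags & FLAGS.AT) !== 0,
    hasExtensions: (flags & FLAGS.ED) !== 0,
    signCount: view.getUint32(33, false),
    trailingBytes: bytes.length - 37,        // attested credential data / extensions
  };
}

// Hypothetical relying-party policy check: the server can only test the bit.
function checkUserVerification(parsed, required) {
  if (!parsed.userPresent) {
    return { ok: false, reason: "user presence flag not set" };
  }
  if (required && !parsed.userVerified) {
    return { ok: false, reason: "user verification required but UV flag not set" };
  }
  return { ok: true, reason: "flags satisfy policy" };
}

// Constructed sample input: placeholder rpIdHash (0xaa repeated), chosen flags.
function buildSample(flags, signCount) {
  const out = new Uint8Array(37);
  out.fill(0xaa, 0, 32);
  out[32] = flags;
  new DataView(out.buffer).setUint32(33, signCount, false);
  return out;
}

const verified = parseAuthenticatorData(buildSample(FLAGS.UP | FLAGS.UV, 7));
console.log(verified.userVerified, checkUserVerification(verified, true).ok);
```

The UV bit is set the same way whether the device was unlocked with a PIN or with a biometric, so the server cannot tell which method was used.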