"Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup"
So we replaced phishing for individual passwords with phishing you to authorize a new device then getting all your creds? Or pwning the cloud. Anyone know how exactly this works?


@sj My hackable phone becomes my new hardware token and the secret keys are stored in a cloud?
1 - "Hi, customer service? I just got a new phone, can you reset my keys?" Always the weak link.
2 - If I lose a key, I have to recover with a backup key (not mentioned) or a password to decrypt the cloud-stored backup.
3 - Seems like we're going from 2-factor (something I have and something I know) to 1-factor (if you bonk me on the head and take my phone, you own my world).

Scriptjunkie Social

scriptjunkie's server