"Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup"
So we replaced phishing for individual passwords with phishing you to authorize a new device then getting all your creds? Or pwning the cloud. Anyone know how exactly this works?


@sj My hackable phone becomes my new hardware token and the secret keys are stored in a cloud?
1 - "Hi, customer service? I just got a new phone, can you reset my keys?" Always the weak link.
2 - If I lose a key, I have to recover with a backup key (not mentioned) or a password to decrypt the cloud-stored backup.
3 - Seems like we're going from 2-factor (something I have and something I know) to 1-factor (if you bonk me on the head and take my phone, you own my world).

Scriptjunkie Social
