You can still keep password + 2FA on GitHub and Google Suite (probably anything else that’s currently implementing them), it’s just a convenience/anti-phishing feature right now.
The passkey is synced between devices if it’s kept in a password manager, I haven’t looked at the mechanism that Apple uses to sync it/use it if you store it in the system keychain. I guess you could also have multiple passkeys configured for a few devices.
IIUC Apple syncs them using the most secure way they can, i.e. when you enroll a new device to your account the existing device, the existing device’s HSM encrypts keys using the pubkey of the new one’s HSM; and for recovery from being left with 0 Apple devices there might be (?) an escrow option that’s optional (?)
Cool. I should check it out. I tend to assume that when Apple (or Google) rolled this out that it’s not broken in any obvious way that I would recognize right away.
But like contactless payments, which I’ve advocated my friends and family switch to, I should read up on why it’s more secure.
You can still keep password + 2FA on GitHub and Google Suite (probably anything else that’s currently implementing them), it’s just a convenience/anti-phishing feature right now.
The passkey is synced between devices if it’s kept in a password manager, I haven’t looked at the mechanism that Apple uses to sync it/use it if you store it in the system keychain. I guess you could also have multiple passkeys configured for a few devices.
IIUC Apple syncs them using the most secure way they can, i.e. when you enroll a new device to your account the existing device, the existing device’s HSM encrypts keys using the pubkey of the new one’s HSM; and for recovery from being left with 0 Apple devices there might be (?) an escrow option that’s optional (?)
Cool. I should check it out. I tend to assume that when Apple (or Google) rolled this out that it’s not broken in any obvious way that I would recognize right away.
But like contactless payments, which I’ve advocated my friends and family switch to, I should read up on why it’s more secure.