• ISOmorph@feddit.org
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    4 days ago

    My understanding as well. Then there is this quote

    “if a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing. (…)"

    How does a PIN, which is inferior to a password, provide more security, when passwords alledgedly aren’t secure anymore?

    This is an obvious grab for biometric data if you ask me. The statements are too contradictory. At some point PINs are gonna get phased out as well. A bit like what they’re doing with local accounts on Win11

    • Saleh@feddit.org
      link
      fedilink
      arrow-up
      2
      ·
      4 days ago

      good thing biometric scanners can also be duped easily, unless it is some advanced stuff you won’t find in consumer devices.

    • Kornblumenratte@feddit.org
      link
      fedilink
      arrow-up
      1
      ·
      4 days ago

      You do not use the PIN to log into your account, but to unlock the passkey that is used to log into your account.

      A PIN + the need to physically access a device capable of logging into your acount is safer than a password, which is safer than a PIN.

      On the other hand, a compulsory 2FA bound to a physical device will create lots of problems when you loose access to your device.