Can passkeys replace a second factor without loss of security?
My question is on the security of multi device pass keys and whether they provide the same level of security as using a password with Multi Factor Authentication of a separate device.
If my laptop becomes compromised with malware it's possible that the malware could have access to the memory of the 1password process and access unencrypted passwords. But if I had my phone as a second factor then the attackers will not be able to log into any new device without it.
They may be able to access services through any remaining logged in sessions on the compromised laptop but not change any of my passwords as most services like google require the second factor for high risk changes.
I would be able to log in from another device, change all my passwords and lock them out.
So my question is:
If I replace my password and secondary factors with a single multi-device passkey, will that same level of security hold? If they read the passkey from the memory of the 1password process would they be able to use it without possessing any of the device it's synced to?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Most sites (all that I use) in my experience have kept TOTP's in place even with a passkey.
0
