![]() I'll skip over some technical bits, but basically the website send you a secret message that only you (your computer) can decode. The website can now send you a secret message using your lock that only you can open. Instead of a website storing a hashed copy of your password (which could be stolen and theoretically unscrambled), it stores a copy of your public key (which is public, so it doesn't matter if it gets stolen). So, passkeys use this technology to secure your login credentials. She can then mail the box and its contents without worrying about someone seeing the secret document because she knows you are the only person with the key to the lock. Alice places the secret message into the box, then uses the lock you sent her to lock the box. You send Alice a special indestructible box (just play along) and a lock that is currently open. You ask Alice to mail you a secret document. Only your private key can "unlock" anything encrypted with your public key. You have a "lock" (public key) that you can send out to anyone and everyone, and a key (private key) that you keep secret. Passkeys rely on a technology called Public Key Encryption (PKE), which you can think of as a lock and key. But unlike passwords, each passkey is generated for you and each site has a unique passkey and the passkey never leaves your computer. You just so happen to use the same password for Site B (your bank, for example), which does have good cyber security, but it doesn't matter because the hackers were able to get your reused password from site A.Īt the risk of oversimplifying, passkeys are sorta similar to passwords in that you have a secret thing only you know and it is used to unlock some thing. Site A gets hacked, hashes are stolen, and the hackers are able to figure out your password through some reverse engineering. So a common scenario is you use the same password for website A which had crappy cyber security. ![]() If they match, you are good.Īrguably, the three biggest issues with passwords are (1) people tend to use the same password for many, many different things, (2) passwords can be stolen, leaked, accidentally shared, snooped, etc, and (3) hashes can be stolen during a breach and theoretically "unhashed" to figure out your password (this is very difficult in fairness, but technically possible). When you sign in, the thing takes whatever you entered, hashes it using the same algorithm, and sees if the two hashes (the one that was already stored, and the one that was just generated based on the password you entered) match. The thing (website, bank, computer, etc) you want to sign in to keeps a hashed (special magic scrambled) copy of your password. You have a password that you know (maybe you memorized it, maybe it's stored in a password manager). So, for a dumbed down (explain like it's my mother) explanation if anyone comes across this in the future: We'll always be marked by an official flair, and will always love both 1Password and you. You'll see some friendly people from the 1Password team ready to help you - keep an eye out for /u/1PasswordCS-Blake, /u/agben, u/Zatara214, and more of us! Read recent coverage on us and see the 1Password love.Bits will be marked by an official flair. We'd love to hear from you here, on Twitter, or via email.1Password is designed to be easy, secure, and seamless.More on, and why you need a password manager. Available for Mac, iOS, Windows, and Android, syncing seamlessly between all of them. It's simple, secure, and seamless, and it's one place to store your passwords, secure notes, and documents-all protected by the Master Password only you know. ![]() Welcome to r/1Password! This sub is a great place to discuss 1Password, password managers, and internet privacy/security in general.ġPassword is the award-winning password manager designed to make your life easier.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |