• lmmarsano@lemmynsfw.com
    3 hours ago

    Nah, password authentication or anything that transmits the full shared secret is beyond primitive. Passkeys, client certificates, OTP never transmit the secret key. With passkeys & client certificates, the server never has the secret key, so it can’t expose it.

    Problems due to phone loss indicate bad practices. Any decent password manager or vault service can manage cryptographic credentials of any kind.
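
An added example, not part of the comment above: the OTP case it mentions, as RFC 6238 TOTP, showing that only a short-lived derived code crosses the wire while the server still stores the shared secret (the part passkeys and client certificates avoid). The `Server` class and `demo` function are hypothetical names, and the secret is the RFC test value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): derive a short code from secret and time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Server:
    """Hypothetical verifier. It holds the shared secret, so a server-side
    breach exposes it; with passkeys it would hold only a public key."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # reject reuse of a code within its window

    def verify(self, code: str, now: int) -> bool:
        counter = now // STEP
        if counter <= self.last_counter:
            return False
        if hmac.compare_digest(code, totp(self.secret, now)):
            self.last_counter = counter
            return True
        return False


def demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    server = Server(secret)
    wire = totp(secret, 59)            # the only value the client transmits
    first = server.verify(wire, 59)    # accepted
    replay_same_window = server.verify(wire, 59)   # rejected: already used
    replay_later = server.verify(wire, 59 + STEP)  # rejected: window moved on
    return wire, first, replay_same_window, replay_later


if __name__ == "__main__":
    print(demo())
```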