This video demonstrates the process of adding a passkey to your PieFed account and then using the passkey to log in securely and quickly.
Firefox’s support for passkeys is a bit lacking, especially on Linux, so this seems to work best on Chrome(ium) at the moment.
What are passkeys? Read on…
Passkeys are a passwordless authentication method for logging into websites and apps. Traditional username and password logins are vulnerable to phishing, reuse, and data breaches. Even two-factor authentication (2FA), which often relies on insecure or inconvenient methods like SMS codes or ever-changing numbers has its flaws. Passkeys eliminate these issues by removing the need to remember or type passwords altogether.
Passkeys are stored securely on your device and verified using biometrics or a device PIN, making them both more user-friendly and significantly more resistant to phishing, credential stuffing, and other common attacks. This makes passkeys a safer and more seamless alternative to traditional login systems. On Mac and Windows passkeys can be synched via the cloud, making logging in from multiple devices easier.
Here’s the thing: you don’t necessarily need to use biometric data to store a passkey. That’s how the vast majority of current implementations do it, but it’s not required by the spec. Personally I store all my passkeys in Bitwarden, meaning I can lock them behind my master password with no bio data involved. It also means that my passkeys are platform non-specific and are stored on my own self-hosted Bitwarden instance instead of in some mega-corp’s cloud.
As for SSH vs passkeys, AFAIK they’re both based on the same encryption but SSH keys are just super low level (the raw key in what’s essentially a text file) vs. the more abstracted passkey system that, in theory, is more user-friendly.