You are viewing a single comment's thread from:

RE: Using Passkeys to Login to V4V.app gets a shout out on Security Now Podcast ep975 from Steve Gibson

in #v4vapp7 months ago

Using Passkey brings convenience but no additional security, on the contrary.
If key validation is not performed each time, it allows user to authenticate with their passkey even if they changed their keys on the blockchain.

Sort:  

This raises a very interesting issue which I can fix. I could record the User's public key at the time of setting the passkey and simple invalidate that passkey if their hive public key changes. I think that's an important point and I'll look at getting that done.

Great that you're open to and respond to constructive criticism brother!

Some free Hive-engine tokens for you:
!PIZZA !LOL !LUV

Well pointed out!