this post was submitted on 22 Dec 2025
99 points (92.3% liked)
Technology
77899 readers
2878 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A passkey is a key pair where you keep the private key and give the public one to the service. Then you can log in by proving you have the private key. Fairly simple in theory. Horribly complex in practice.
And what is a private key? How exactly do you “keep” it across multiple devices? It’s all still black magic to me.
Basically, in public key cryptography, you can generate a set of two big numbers that are mathematically related, one called the private key and one called the public key, collectively called a key pair.
Through a lot of fancy math, you, with your private key, can take a number I give you and give me back another number called a signature. I, with your public key, can do even more fancy math to prove that you do, in fact, have the corresponding private key to the public key I have, based on this signature.
If you give me the wrong signature, I can’t trust that you have the private key, and you don’t get authenticated, but if you give me the right signature, I can trust that you’re you, and you get authenticated.