Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
Privacy Facebook Security

Facebook Now Supports Passkeys (lifehacker.com) 12

Posted by BeauHD from the passwordless-future dept.
Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.

Facebook Now Supports Passkeys More | Reply

Facebook Now Supports Passkeys

Comments Filter:
  • My ideal setup is password + passkey for login to each service. I love the concept of passkeys because they're practically immune to all MITM attacks, however I hate the idea that every service I use could be accessed if someone has my device and can bypass any of its auth mechanisms. By having separate passwords for each site and requiring passkeys for MFA, I can mitigate the damage caused by theft/tampering while protecting myself from MITM attacks.

    Yes, this is far beyond normal but if I want to be n

    • Re: (Score:2)

      by mysidia ( 191772 )

      hate the idea that every service I use could be accessed if someone has my device

      Then use a PassKey authenticator that requires a PIN or biometric entry to use the key. For example a Passkey stored on a Yubikey with a strong PIN set. Or a Passkey stored on a TPM configured to require entry of the PIN each time the credential will be used. Many users would disable the separate PIN requirement, or choose a solution that does not require one for their own convenience purposes, But you don't have

  • Nobody understand what this is (Score:2, Insightful)

    by Anonymous Coward
    I have a TOTP authentictor and Yubikeys. I can understand these. I've read the WP article on Passkeys probably five times and still don't have a single clue about what these are or how they work.

    • Re: (Score:3)

      by ewhac ( 5844 )

      This is how I've come to understand it. I welcome any and all corrections.

      Passkeys are a cryptographic key stored in a Secure Element. This is usually a private key inside a small cryptographic engine. You feed it some plaintext along with the key ID, and it encrypts it using that key. The outer software then decrypts the ciphertext using the public key. If the decrypted text matches the original plaintext, then that proves you're holding a valid private key, and authentication proceeds.

      The private

  • Good news for the old people still using Facebook (Score:3)

    by ebunga ( 95613 ) on Wednesday June 18, 2025 @06:39PM (#65459623)

    I guess they can be safe and secure while they view their ai-generated bacon jesus memes.

Slashdot Top Deals

The secret of success is sincerity. Once you can fake that, you've got it made. -- Jean Giraudoux

Close