Why does Bluetooth Low Energy Secure Connections with Passkey Entry check the Passkey bit by bit?

If we want to enable an authenticated connection via BLE, the passkey method seems like a good idea. A 6-digit PIN is generated randomly on one device and has to be entered on the other – these 20 bits of entropy should be a reasonable count…

What is the benefit of a passkey over using 2FA like Google Authenticator?

At the moment to log into (for example) Paypal I type a password then the code from Google Authenticator. If I understand correctly having a passkey installed on my phone eliminates the password. It would be like a website requiring only t…

Do passkeys allow an attacker to gain account access by accessing a single device?

Some companies such as Github suggest passkeys replace both passwords and 2FA:

passkeys satisfy both password and 2FA requirements

Github thus allows logging in with a passkey without any second factor, even if you have one enabled (like…

Did Android remove Fingerprint/Passcode for WebAuthN and lower security to push Passkeys?

So, before this year, when you were using WebAuthN to create security keys on an up to date Android phone (Pixel 6 in my case), you had these options (iirc):
When creating a platform authenticator, you were offered Fingerprint/Passcode. Wh…