Passkeys

"Passkeys are a password replacement that validates your identity using touch, facial recognition, a device password, or a PIN.", GitHub

"Stored on a smartphone or other trusted device and protected by biometrics or device PIN. Every passkey consists of 2 interlocking parts: a public key (shared with website or equivalent) and private (stored on the device)", 1Password
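
The two-part structure described in the quote above, as an added example that is not code from GitHub, 1Password or any browser named on this page: a WebAuthn-style sign-in reduced to its core, showing what the website checks before it trusts a signature made with the device-held private key. The function names and the hosts `example.test` and `examp1e.test` are assumptions made for illustration, and the signature-counter and attestation checks are left out.

```javascript
// Added illustration, not code from the quoted sources. All names are hypothetical.
const crypto = require("node:crypto");
const sha256 = (d) => crypto.createHash("sha256").update(d).digest();

// Registration: the device keeps privateKey; the website stores only publicKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Device side: sign authenticatorData || SHA-256(clientDataJSON), as WebAuthn does.
function authenticatorSign(rpId, origin, challenge, { userVerified = true } = {}) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  const flags = 0x01 | (userVerified ? 0x04 : 0); // bit 0 = user present, bit 2 = user verified
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(1);
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags]), counter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", signed, privateKey) };
}

// Website side: every check must pass before the signature is trusted.
function verifyAssertion(a, expected, storedPublicKey) {
  const cd = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (cd.type !== "webauthn.get") return "wrong type";
  if (cd.challenge !== expected.challenge.toString("base64url")) return "challenge mismatch";
  if (cd.origin !== expected.origin) return "origin mismatch";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "rpId mismatch";
  const flags = a.authenticatorData[32];
  if (!(flags & 0x01)) return "user not present";
  if (expected.requireUV && !(flags & 0x04)) return "user not verified";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, storedPublicKey, a.signature) ? "ok" : "bad signature";
}

// Constructed sample values: one genuine sign-in and four that the website must reject.
function demo() {
  const expected = { rpId: "example.test", origin: "https://example.test",
                     challenge: crypto.randomBytes(32), requireUV: true };
  const sign = (o = {}) => authenticatorSign(o.rpId ?? expected.rpId,
    o.origin ?? expected.origin, o.challenge ?? expected.challenge, o);
  const check = (a) => verifyAssertion(a, expected, publicKey);
  const forged = sign({ userVerified: false });
  forged.authenticatorData[32] |= 0x04; // UV bit set after signing, so the signature no longer matches
  return { genuine: check(sign()),
           lookalikeOrigin: check(sign({ rpId: "examp1e.test", origin: "https://examp1e.test" })),
           staleChallenge: check(sign({ challenge: crypto.randomBytes(32) })),
           noUserVerification: check(sign({ userVerified: false })),
           forgedFlags: check(forged) };
}
```

The private key never leaves `authenticatorSign`; the website side works only with the stored public key and the values it issued itself.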

Where to store passkeys

  • brave://settings/passkeys
  • chrome://settings/passkeys
  • arc://settings/passkeys

FIDO2 Levels

  • FIDO2 Level 1 (L1): This is the base level of security, providing protection against basic phishing attacks. It ensures that the user is in possession of a registered device but does not necessarily implement stringent verification of the user’s identity.

  • FIDO2 Level 2 (L2): This level adds requirements for additional cryptographic security and mitigates against more sophisticated attacks, including man-in-the-middle (MITM) attacks. It may require the authenticator to have integrated user verification methods, such as biometrics or PINs.

  • FIDO2 Level 3 (L3): This is the highest level of security defined by FIDO, requiring hardware-based attestation to prevent tampering and ensure that the cryptographic keys are securely stored in hardware. Level 3 authenticators must resist physical attacks aimed at extracting cryptographic secrets.