137
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 20 Jul 2024
137 points (97.2% liked)
Firefox
17303 readers
60 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
You delete it from your account, that makes it invalid. Just like removing an entry from authorized_keys. If the site does this after changing the password or not is up to them.
I mean, suppose that i save a passkey in my password manager, then because of my bad opsec someone else gets hold of it - if I delete it from my account, the attacker still has a copy and I have no way to invalidate it
I checked again on eBay, there's no "list of passkeys" even if I created 4 of them (one for each browser on each of my computer + one synced via password manager)
eBay has implemented their passkey support poorly. “Turn off” will invalidate them. Most sites have a list of passkeys and you just delete the one you don’t want working anymore. At that point it doesn’t matter who has it, it’s useless.