• valpackett@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Note that you pretty much can’t store them with Google or Apple; smartphone biometric sensors operate the on-device HSM, not something remote.

    • takeda@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      So, how does it work when you are accessing account from a different device? How the other device knows your fingerprint?

      • valpackett@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It does not. The fingerprint always only unlocks the device’s HSM (“secure enclave” in Apple speak).

        Between your devices enrolled in the ecosystem, private keys are synced securely (AFAIK, they make it so that an existing device’s HSM encrypts keys using the pubkey of the new one’s HSM); for signing up using your device on someone else’s computer there’s a process that combines QR codes with Bluetooth communication.