Hello,
I have a question. Is it safer to have a titan passkey then having a group of passkey devices?: https://store.google.com/be/product/titan_security_key?hl=nl
I’m thinking of buying this to protect my main staked neurons and assets. And have another identity to use for socials on the internet computer
Is it safer or are passkeys on devices really safe enough?
Kind regards
It’s hard to make a blanket statement about this, because it mostly comes down to operational concerns. If managed properly, both options offer a decent though not perfect level of security.
Security key: Based on secure chips, the cryptographic key material has strong protection. But once the device falls into false hands, the security level can reduce to zero (unless a PIN is set up). So a lot depends on how you manage the physical device. Note that these devices do not offer a backup functionality. If they break, your assets may be gone.
Passkeys: (At least on high-quality devices) the key is kept in a secure enclave, which by itself is a good level of protection. But especially if you use multiple devices, controlling access to those devices is key. The key is only as-well protected as the access to your devices. Consider also that there may be some “account recovery” for cloud sync which may open further backchannels.
In both cases, you still depend on the security of the browser on the device you’re using for interactions. Of course, keeping the device up to date with security patches or maybe even using a special device for security-relevant tasks are important.
In my opinion, you get a much better level of security with a Ledger hardware wallet (and I would suggest not opting in to Ledger Recover if you have good procedures for managing your seed phrase). You get great hardware security, a reasonable backup option (write down the seed phrase and put it in a bank vault), and if you’re using it directly with the Internet Computer app on it, a strictly better level of security which is only rivaled by a full air-gap setup. And you can even use the Fido app to use it as a backup or login option for your Internet Identity …