Comment by isomorphic
10 days ago
Portability. I use YubiKeys with desktop Macs, MacBooks, iPads, and iPhones. The alternative would be to create (Secure Enclave) keys in each of those devices and register each of those keys with each thing requiring authentication... which could take a while.
I guess the alternative is something like Passkeys synchronized via iCloud Keychain. Hopefully Apple is encrypting the Passkey key material within the Secure Enclave using each other Secure Enclave's public key. Otherwise it kind of defeats the whole purpose of having a Secure Enclave. (If I remove a YubiKey from a computer, I have some assurance that computer can't authenticate with YK-controlled accounts.)
> Hopefully Apple is encrypting the Passkey key material
iCloud Keychain has always been e2e encrypted. If you lost and recovered your Apple password, you'd lose all your stored passwords.