if somebody compromises you, physically, they can see everything you can log into

Can they though? I own a few yubikeys with passkeys stored inside and i cannot query stored logins without entering a pin.

To be accurate, they don’t know either. A login key and a decryption key are derived from password and secret key client-side.

Only recently discovered CRD, but he’s quickly becoming my favorite channel. He’s doing the exact kind of deep dives into obscure tech topics that i love.