
Now in beta: Passkeys

scriptbin now supports Passkeys, a security feature that may actually help you. It may be easiest to start by explaining what it means.

  • If you use a passkey to log in, you do not have to remember a password.
  • If you use a passkey to log in, no one can look over your shoulder and copy your password.
  • If you use a passkey to log in, someone could take your phone or computer and still not be able to log in as you.
  • If you use a passkey to log in, there is no password for someone to grab out of scriptbin's database, associate with you and try on hundreds of other sites.

Basically, a passkey becomes a login button that only you can push.

To add a passkey to your account, when logged in, go to your account's Passkey page. Then you can use the Passkey login page when you want to log in.

Passkey support on scriptbin is early and still a beta version.

Passkeys are a simple packaging of something that, under the hood, is complicated, so they are not supported by everything. Typically they require a version of the OS and a version of the browser from 2023 or later. They are not universally available, but they are accessible to many people, which is why they are now implemented.

The way a passkey works is like this.

When you say you want to create a passkey, scriptbin gives your browser a long string of random information (think of it as a very large number) called a challenge. Your browser invents another very large number called a key, does something to the challenge number (think of it as multiplication), and then sends the result to scriptbin. The browser then stores the key in a secure place, in a way that requires "authentication" to retrieve it again - this is most commonly a fingerprint or Face ID/Windows Hello-like face authentication, but can also be a super password in a password manager. scriptbin stores away the results of what you did (when given this challenge, it gave this result) and connects it to your scriptbin account.

When you want to log in, scriptbin again gives your browser a random challenge. You enter your username, your browser realizes - hey, I have a passkey stored for this - and asks you to authenticate, at which point it retrieves the key, does a similar thing to the new challenge number and sends the result to scriptbin. scriptbin checks if what was done to the number (the multiplication) was the same thing as for one of the passkeys connected with your scriptbin account, and if so it lets you in.

Basically, it is a more complicated version of a password - but in terms of what you have to do and remember, it is much less complicated. And there is no password floating around out there that is "just being typed very quickly by the browser", so it can't be intercepted and copied/pasted. Because you need to authenticate, even if someone took your phone or computer, they would not be able to use your passkey without also having your fingerprint, face or super password. (Identical twins with face authentication may want to think twice, for this reason.)

(From a detailed perspective, of course the way I described it is wildly inaccurate. But conceptually it explains how each step works.)
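A closer sketch of the exchange described above, as an added example (not scriptbin's code and not a full WebAuthn implementation): the "key" is really a key pair, the device signs each challenge with the private half, and the site only stores and checks against the public half. The origin `https://scriptbin.example`, the user name and all function names are assumptions made for this sketch.

```javascript
const nodeCrypto = require('crypto');
const ORIGIN = 'https://scriptbin.example'; // placeholder origin (assumption)

// Device side: the private key stays on the device; only the public key is sent.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side: sign the challenge together with the origin the browser is really on.
// (Real WebAuthn signs authenticatorData plus a hash of clientDataJSON; this is a stand-in.)
function answerChallenge(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server side: stores public keys only, so a database leak yields nothing to log in with.
class Server {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge.toString('base64url'));
    return challenge;
  }
  verifyLogin(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single use
    const pem = this.publicKeys.get(user);
    if (!expected || !pem) return false;
    let parsed; try { parsed = JSON.parse(clientData); } catch { return false; }
    if (parsed?.challenge !== expected || parsed?.origin !== ORIGIN) return false;
    return nodeCrypto.verify('sha256', Buffer.from(clientData), pem, signature);
  }
}

// Constructed run: one good login, then a replayed answer and a look-alike origin.
function demo() {
  const server = new Server();
  const device = createPasskey();
  server.register('alice', device.publicKeyPem);
  const good = answerChallenge(device.privateKey, server.newChallenge('alice'), ORIGIN);
  const loginOk = server.verifyLogin('alice', good);
  server.newChallenge('alice');
  const replayOk = server.verifyLogin('alice', good);
  const lookAlike = answerChallenge(device.privateKey, server.newChallenge('alice'), 'https://look-alike.example');
  return { loginOk, replayOk, lookAlikeOk: server.verifyLogin('alice', lookAlike) };
}
console.log(demo());
```

Because every login signs a fresh challenge, a captured answer is useless the second time, and an answer produced on a look-alike site does not verify on the real one.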

Since passkeys are complicated for the browser and for web sites, they take time to be implemented, and that's why they are not available everywhere yet. There could also be details that are slightly off from one browser to the next, one OS to the next. Please try it out and see if it works for you.

One last thing. Passkeys are often built into password managers. If you save a passkey on one device that is logged into a password manager, it should be available on your other devices that are also logged in. That is a good way to test passkeys and it is one of the few ways to move passkeys from one device to the next securely, but it also does mean that passkeys leave a record of you having an account on scriptbin, which may or may not be what you want.