I work in a jail, I have internet access, but am not allowed to have my phone on me. Websites want me to switch to passkeys. So does Apple. How would I sign into a website or account that has a passkey if I will never have my phone with me to authenticate? I cannot use my work computer to create the passkey, I can’t only log into accounts that I am allowed to use.
In: Technology
It’s probably a bad idea for you to switch.
Passkeys, as they’re being marketed to the public, are really for the common case where people are logging in to websites on their personal phones, or have access to it. Your situation is a really bad fit for the product Apple/Google/1Password are offering to consumers.
*If* we get to a future where passkeys start replacing passwords entirely, *and* your work’s IT department wants to support employees logging into personal accounts on their work computers—something many IT departments strongly discourage—then they’ll probably allow you to use something like a personal [Yubikey](https://www.yubico.com/products/yubikey-5-overview/) to hold passkeys without the risks of allowing personal phones.
A Yubikey is a little dongle that can fit on your physical keyring and store passkeys (and some other sorts of credential). It can be plugged in to a computer to use the passkeys stored on it, but the passkeys can’t be copied off it. So it’s even closer to a physical key than a phone passkey: you need to have the physical device in your possession to access your accounts.
There are other possibilites for passkeys like hardware tokens. But you will need some kind of secondary device with you to use the passkey or the computer you can use needs the ability to take fingerprints. But youalready have this problem with (real) two factor authentication, so if the jail wants you to be able to use your accounts securly they will have to figure something out at somepoint to give you access to a secondary device for both passkey and two factor.
The best option for you would be a hardware-bound passkey on a device such as a Yubikey which could fit very easily on your keychain.
While some services do not support it, one of the most important features of this new ecosystem is that you should be able to add multiple, even many, passkeys to an account. This can be for convenience, but is also there in case one is lost or stolen. Otherwise, one would need to fall back to passwords and (potentially weak) 2FA which would defeat a lot of the benefits of the passkeys.
We have not reached that point yet but passkeys or something analogous minus the fancy name has been around for decades now under several names such as [Hardware token](https://help.access.securid.com/EN_US/Content/Production/ngx_c_hardware_token.html) so they can use those instead of a smartphone for cases like yours.
Latest Answers