What are these “passkeys” that Big Tech is pushing on people, and what to do if someone steals your phone and laptop?


I’ve avoided “passkeys” like the plague, but with Google [promising a password-less future](https://safety.google/authentication/passkey/) and Apple [forcefully moving people to passkeys going forward](https://developer.apple.com/videos/play/wwdc2024/10125/?time=258), I guess it’s time to figure out what they are.

I consider myself a tech person, but the more I hear about these *passkeys*, the less I understand. Apple’s [overview](https://developer.apple.com/passkeys/) says that they’ll be used “alongside” passwords, so I don’t get what’s being **replaced**, and why the hell we need them. FIDO Alliance (the folks that apparently invented the damn thing) says that [passwords are a problem](https://fidoalliance.org/passkeys/), but reading this, it doesn’t seem like it’s **my** problem they talk about.

What I **do** understand though, is that one day I had someone walk into my hotel room in Poland, and walk out with my laptop and cell phone while I was asleep [1].

**So, overnight, I ended up without access to any of my devices or phone number abroad**.

Luckily, because I was still in the password-ful past, I could log into my email and Skype from the hotel’s computer, and let my wife know that I needed some help.

what this scenario would look like in the future when everything gets switched to passkeys.

____
**[1]:** I have forgotten to lock the door – learn from my mistake. To Krakow police’s credit, they *actually caught the thief* several months later.


10 Answers

Anonymous 0 Comments

For a self-declared tech person, your willingness/ability to read simple facts properly seems to be limited, so this is probably the right sub.

I’m saying this because the first or second result from a Google search about FIDO2 will tell you your assumption is just plain wrong, and that is compounded by the highly dismissive tone of your question.

A passkey is 2FA by nature: when you lose your laptop/phone (what you have), no one can use your passkey unless they know your PIN (what you know) or have access to your biometrics (what you are).

Also, passkeys are not limited to your nice shiny Apple devices. There are in fact cross-platform hardware authenticators like YubiKey, in the form of a USB stick, and password manager apps like Bitwarden can also store your passkey.

Passwords are a problem for almost everyone, even if you pretend you’re immune. One usual thing is phishing, where a fake website asks you to enter, well, a password. A passkey solves this because it verifies with cryptography that the website is real before you can use the passkey with it.

Second is of course password reuse: after one leak, the password can be used to log in to other services. Passkeys solve this by issuing a new credential on every registration.

Third is the use of 2FA. A complex password is secure only as long as it is not leaked, so a complex password should be combined with 2FA. People usually skip using 2FA that is separate from the password because it is inconvenient (too bothersome to use Google Authenticator, or to set up a security key).

By the way, the fact that you are “passwordful” enough to be able to Skype your wife is usually a good indicator that you reuse your password and/or that your password is as easy to remember as it is to crack.

In addition, the fact that you could just Skype with your phone stolen indicates you have no 2FA active.

So not only can you _easily_ log in to your Skype and talk with your wife, a skilled hacker can also do so 😉

You have a security problem. Passkeys can help you solve that by not requiring you to remember a complex password and set up a separate 2FA.

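The properties the answer above attributes to passkeys (a separate key per site, binding to the real website's domain, and the PIN/biometric check) can be seen in a simplified simulation of a WebAuthn sign-in. This is an added example, not part of the original answer; `register`, `signIn`, `verify` and `demo` are hypothetical names, the hostnames are constructed, and RP ID matching is reduced to an exact hostname comparison.

```javascript
// Added example: a simplified WebAuthn (passkey) sign-in. All names are hypothetical.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator: stores one fresh key pair per site, keyed by RP ID (the site's domain).
function register(authenticator, rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  authenticator.set(rpId, privateKey);
  return publicKey; // only the public half is sent to the site
}

// Browser + authenticator: the browser, not the user, fills in the origin it is really on.
// Assumption: the RP ID must equal the hostname exactly (real browsers also allow parent domains).
function signIn(authenticator, browserOrigin, challenge, userVerified) {
  const rpId = new URL(browserOrigin).hostname;
  const privateKey = authenticator.get(rpId);
  if (!privateKey) return null; // no credential scoped to this domain, so nothing to phish
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: browserOrigin,
  }));
  const flags = 0x01 | (userVerified ? 0x04 : 0); // UP = user present, UV = PIN/biometric passed
  const authData = Buffer.concat([sha256(rpId), Buffer.from([flags]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Site (relying party): the checks it runs on the returned assertion.
function verify(site, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== site.challenge.toString('base64url')) return 'wrong challenge';
  if (clientData.origin !== site.origin) return 'wrong origin';
  if (!assertion.authData.subarray(0, 32).equals(sha256(site.rpId))) return 'wrong rpIdHash';
  if ((assertion.authData[32] & 0x04) === 0) return 'user not verified';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, site.publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

// Constructed demo values: example.com and the .test lookalike are placeholders.
function demo() {
  const authenticator = new Map();
  const site = { rpId: 'example.com', origin: 'https://example.com', challenge: crypto.randomBytes(32) };
  site.publicKey = register(authenticator, site.rpId);
  const good = signIn(authenticator, site.origin, site.challenge, true);
  return {
    genuine: verify(site, good),
    lookalike: signIn(authenticator, 'https://example.com.login.test', site.challenge, true),
    noPinOrBiometric: verify(site, signIn(authenticator, site.origin, site.challenge, false)),
    replayed: verify({ ...site, challenge: crypto.randomBytes(32) }, good),
  };
}
```

Calling `demo()` shows the genuine sign-in accepted, no assertion produced for the lookalike domain, and both the unverified-user and replayed-challenge cases rejected by the site.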