I’ve avoided “passkeys” like the plague, but with Google [promising a password-less future](https://safety.google/authentication/passkey/) and Apple [forcefully moving people to passkeys going forward](https://developer.apple.com/videos/play/wwdc2024/10125/?time=258), I guess it’s time to figure out what they are.
I consider myself a tech person, but the more I hear about these *passkeys*, the less I understand. Apple’s [overview](https://developer.apple.com/passkeys/) says that they’ll be used “alongside” passwords, so I don’t get what’s being **replaced**, and why the hell we need them. Fido Alliance (the folks that apparently invented the damn thing) says that [passwords are a problem](https://fidoalliance.org/passkeys/), but reading this, it doesn’t seem like it’s **my** problem they talk about.
What I **do** understand though, is that one day I’ve had someone walk into my hotel room in Poland, and walk out with my laptop and cell phone while I was asleep^1.
**So, overnight, I ended up without access to any of my devices or phone number abroad**.
Luckily, because I was still in the password-ful past, I could log into my email and Skype from hotel’s computer, and let my wife know that I need some help.
what this scenario wood look like in the future when everything gets switched to passkeys.
____
^(**[1]:**) ^(I have forgotten to lock the door – learn from my mistake. To Krakow police’s credit, they *actually caught the thief* several months later.)
In: Technology
A passkey is basically an automated login method, where instead of a password, your computer stores a very long, very hard to guess number, and on a login attempt, it solves a puzzle that demonstrates that it knows that very long number. Your computer is supposed to only do this after verifying that the website’s domain is correct, which prevents phishing, and also only after doing some check such as Face ID demonstrating that you are the actual owner, preventing a thief from walking off with your passkey.
They, by design, cannot be keylogged/phished and users don’t have to worry about setting or managing secure passwords.
Passkeys take 2 forms: they can either be a physical USB key (Google “Yubikey” for an example) or they can be stored in a password manager.
If your passkey is a physical USB key, you are supposed to have a backup mechanism stored somewhere (normally a second passkey you keep safe at home or in a password manager, so if you lose your primary one you have a way to recover). If your passkey is in a password manager, then every password manager has its own way to help you recover. For example, Apple lets you set recovery contacts, so you can set your wife as your recovery contact and should you get locked out of your account, your wife can generate a code to allow you to get back in.
Latest Answers