FREE NEWSLETTER

Passkeys, anyone? by 1PF

Go to main Forum page »

AUTHOR: 1PF on 11/30/2024

I’m starting to see sites offering passkeys. There’s a good explanation at this link of what passkeys are, how they work, and why they’re even better than passwords with two-factor authentication.

If you’ve begun using passkeys, what has been your experience?

Subscribe
Notify of
14 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
MarkP
1 month ago

I use passkeys whenever available and so far very few problems. I save them in 1Password which I’ve used for about 2 years. Passkeys are more convenient and safer but they’re most convenient when using the phone rather than web. Still plenty of places use 2-factor and they almost all allow the use of an authenticator app for the 2nd factor rather than email or text. I expect the shift to passkeys will take several years but will continue since passwords alone are so weak and many people can’t handle 2-factor.

Concerned
1 month ago

I use face id on apple devices as I figure it is at least as secure as a password.

I use 1password for non financial sites. Lastpass got hacked so I switched

I am very worried about. security on financial sites, and I suspect we will not hear if Schwab or Fido gets hacked.

Isn’t it interesting that Schwab seems to have dropped voice ID? maybe too easy for AI to crack?

Scott Dichter
1 month ago

I’ve used them, so-so, if you stay inside an ecosystem (like FaceID on my iPhone) it’s fine. When Apps start trying to use it, not always success. When I’m on a browser on my laptop, heavy failure rate (it just kicks me back to password).

Isn’t it preferable to have 2FA, as multiple hurdles tend to work better than the all the eggs in one basket approach. (are they really asking us to trade security for convenience)

What happens if you have an accident and your fingerprint changes or your face changes, do you suddenly lose access? Or is it sophisticated enough to work around these challenges.

Last, what’s the compelling interest of the developers? Is this something they’ll give away until it eliminates competition and then charge $11.99/month? If they posted that they were committed to keeping it free in perpetuity I’d be more excited.

mytimetotravel
1 month ago
Reply to  Scott Dichter

Would you believe them? Remember “do no evil”?

I also fail to see how it would work on my desktop, which is what I use for my finances.

mytimetotravel
1 month ago
Reply to  1PF

I don’t use one. It starts up just fine without. I do have two “accounts (?) on it, and one does require a password. I’m still running Windows10, maybe that will change when I have to upgrade.

David Powell
1 month ago

If you have a set of Yubikeys you’ve been using the same tech as passkeys for a while. Both use similar industry standard protocols from the same standards body.

If you go the passkey route, be sure to use a consistent place to store them. We’ve been using Dashlane, the password manager, which stores passkeys as well as passwords on desktops and mobile, and with most web browsers.

Finally, it’s wise to enable two factor authentication with anything storing sensitive things like passkeys or passwords. And be sure to share a secure note with your executor telling them how to get in when you leave this vale of tears.

eludom
1 month ago

I recently checked and few/none of the financial institutions I deal with are adopting passkey. Mostly retailers, social media etc.

As to password managers, yeah, letting a company store them online seems like a recipe for disaster, but there are on-your-device-only options like KeePassXC.

I’m in the process of setting up a PC from which I will manage all $ things. Usually not even connected to network.

David Lancaster
1 month ago

I haven’t used a pass key. I am just concerned that if the company gets hacked they potentially have access to all my accounts. If the federal government, and major corporations including healthcare companies are hacked regularly then so can a passkey company.

FYI, my information has been compromised three times (including one of the major credit bureaus)and as a result I have three different companies monitoring my information.

Last edited 1 month ago by David Lancaster
David Lancaster
1 month ago
Reply to  1PF

Oh, OK, thanks for the clarification.

Free Newsletter

SHARE