Exploring Passkeys: A Deep Dive into Their Pros and Cons
Introduction to Passkeys
Have you come across the term "passkeys"? They represent a modern approach aimed at eliminating the need for traditional passwords. While they can be linked to physical USB devices, their essence lies in digital security.
Recently, both Google and Microsoft have begun implementing passkeys across their platforms. These passkeys consist of unique, encrypted credentials stored locally on your devices. When you want to access a site, you utilize the device housing the passkey to either enter a generated code or simply verify your identity.
Advantages of Passkeys
One of the standout features of passkeys is that they are associated with specific applications or websites. This means that if you receive a login prompt via text, your passkey will only activate if you're attempting to access the authentic site, providing a robust defense against phishing attempts. Remember, it's always safer to navigate directly to the site rather than relying on links from texts.
However, while this may sound straightforward, there are still significant concerns.
The Limitations of Passkeys
Despite the advancements, I remain skeptical about the complete obsolescence of passwords. Passkeys cannot function independently of them. Firstly, you still require a method to log into the devices containing your passkeys. More importantly, what happens when you switch to a new device?
If you're merely upgrading, migrating your passkey data is usually manageable, requiring minimal reconnections as long as you have access to the original device. However, if your device is damaged or lost, recovery becomes a challenge.
According to Google, your passkeys are supposed to be linked to your Android account, with end-to-end encryption ensuring that they are retrievable on a new device. Yet, this introduces potential vulnerabilities. Cybercriminals have been known to impersonate devices to intercept two-factor authentication codes. Should someone gain access to your Android account, your passkeys could be at risk.
The Current Landscape
Currently, the number of websites and applications that accept passkeys as a substitute for passwords remains limited. Many of my accounts are not yet compatible with this method. It's essential to remember that no login system is entirely foolproof; there are always vulnerabilities, and passkeys are no exception.
My personal experience with passkeys has been mixed; I find it cumbersome to consistently retrieve my phone for logging into sites. With numerous accounts, remembering every login is impractical, which is why I rely on a password manager. Unlike web-based solutions, I prefer a password manager stored on a USB drive.
After extensive testing, my top choice is KeePass (not an affiliate link). It’s free, user-friendly, and requires you to remember only one password to access all your data. Furthermore, nothing is saved on your computer or online, meaning that thieves would need to physically steal the USB drive to compromise your information.
Concluding Thoughts
What do you think about the shift towards passkeys? Do you have a preferred password manager? I encourage you to share your insights in the comments.