Passkeys — The Good, The Bad, and The Very Ugly (2024)

FAQs

What is the downside of passkeys? ›

The disadvantages of using Passkeys include: they are not yet widely adopted, they need extra software and hardware, and they can be costly, and businesses may need to budget for implementation.

Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets.

Each passkey consists of two parts – a public and private key – which are stored in different places. Both pieces are required for account access. The private key is stored securely on your device. It's never shared with the app or website you want to log in to.

Yes, exports using the . json format do include passkey data, and such exports can be imported back into Bitwarden. However, there is as of yet no mechanism for exporting passkeys from one passkey wallet app (e.g., Bitwarden) and importing them into a completely different passkey wallet app (e.g., Windows Hello).

What happens if a user loses their device? Passkeys created on Android are backed up and synced with Android devices that are signed in to the same Google Account, in the same way as passwords are backed up to the password manager. That means user's passkeys go with them when they replace their devices.

Passkeys are a convenient and secure way to sign in to your Amazon account without using a password. With passkeys, you can sign in to your Amazon account by simply using your face, fingerprint, or the PIN that you use to unlock your device.

When you use passkeys on your Android device, they're stored in your Google Password Manager. Passkeys are securely backed up and synced between your Android devices. Create a passkey to simplify your sign in. When you sign in to your Google Account, your available passkeys are listed.

User Experience: Passkeys offer a more user-friendly experience, as they leverage familiar device unlock methods like biometrics or PINs. Security keys, on the other hand, may require additional steps or physical possession, which can impact usability.

If you lose your SSH key passphrase, there's no way to recover it. You'll need to generate a brand new SSH keypair or switch to HTTPS cloning so you can use a personal access token instead.

Passkeys offer a compelling combination of security and convenience, making them a powerful tool against phishing attacks. By eliminating the need for passwords and leveraging strong cryptographic principles, passkeys provide a phishing-resistant authentication method that enhances both user experience and security.

Do passkeys require bluetooth? ›

That's why if you're using the same device, or a solution that syncs your passkeys between devices, you don't need a bluetooth connection. Remember: passkey support is coming to 1Password! This will let you sync your passkeys across all of your devices – no Bluetooth required!

Since passkeys aren't exclusively the domain of Apple, once it's fully launched, you should be able to generate them on non-Apple devices for passwordless sign-in with your Apple ID, too, using Android or Windows using either the Chrome or Edge browser, which each support passkeys.

They can't be guessed, leaked, or stolen, and they stop phishing attacks in their tracks, according to those behind the technology. Passkeys are widely considered to be more secure than passwords.

Can passkeys be stolen or hacked? The private key portion of the key pair used in passkey authentication cannot possibly be stolen or hacked.

Hardware security key cons

If you have multiple users of a single account, sharing a key can be a bit impractical. Just like with your smartphone, if you lose your security key, it can make accessing your accounts difficult unless you've set alternative access options as a backup.