Pretty much all complaints and confusion around passkeys in the comments here so far are addressed by remembering that passkeys aren't the only way you can access your account. You still have your password to fall back on, so when you lose your phone and have to set up a new one, or the first time you sign in on a new device or whatever, you can use your password if that's what you have to do. But for your day-to-day sign-ins, a passkey is more secure, can't be traditionally phished, is easier to use, etc. etc.
You're free to argue that's more complicated than passwords alone, sure. But you don't have to worry about how do you save your passkeys or migrate them between devices and what happens when you lose access to a device that holds those keys. Get back in with a password on the rare occasion it's necessary and you still greatly reduce the amount you rely on passing around a simple shared secret that can be snatched up by a nefarious third party.
It's definitely more complicated than just having one password that lets you into every account you've ever made, but everyone here would agree that password reuse is a horrible idea. The question becomes do passkeys reduce the friction of having unique passwords everywhere enough to get normal people to stop using their simple to remember, simple to type, simple to lose passwords? Right now no, it probably doesn't, if you consider when they'll need to fall back to that password. Yes, day to day using a passkey will be better, but realistically you need a password manager to store the fallback password.
Passkeys are without question more secure than a password. And they don't really add any friction if you're already doing things right. That means they're still safer than passwords for those kinds of users, but that's not quite good enough. I think for everyone to jump to passkeys, there's going to have to be some way to make them "just work" everywhere, on every device, without needing to use a password you'll never remember once in a blue moon. That's difficult, maybe infeasible.