Educate Me about Passkeys
-
- UraniumLounger
- Posts: 9476
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Educate Me about Passkeys
What should I know about passkeys? Are they secure? Can one safely replace passwords with them? IME not all sites that require user validation accept or use passkeys; passwords are more ubiquitous. Are there any down sides to using them?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12768
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Educate Me about Passkeys
Passkey are very secure. They can't easily be copied so it's much harder for a hacker to compromise your account.
If you have multiple devices then you need to think about how you will store and manage them. It's probably best to use passkeys with a password manager that supports all the different devices you have.
If you have multiple devices then you need to think about how you will store and manage them. It's probably best to use passkeys with a password manager that supports all the different devices you have.
StuartR
-
- UraniumLounger
- Posts: 9476
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Educate Me about Passkeys
Thank you, Stuart.
I have been using Roboform for quite some time to manage passwords. I'll look into using it for passkeys, as well.
I have been using Roboform for quite some time to manage passwords. I'll look into using it for passkeys, as well.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12768
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
-
- UraniumLounger
- Posts: 9476
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Educate Me about Passkeys
Wow! How prompt that response was. Thanks again Stuart.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Not trying to hog your thread, Bob, but I am having a 'senior moment' trying to understand Passkeys.
I mostly stay signed into eg my Google Account and would only use my existing password on the rare occasion when I may be signed out or activating account onto another device ... or maybe when travelling far afield and prompted by Google.
I assume this is the same if using a passkey?
Given that such a passkey is on my device (can be used across my devices??) then unless an unwelcome user has my device there's no way to get into my account?
Google plus others send eg emails should an unknown device gain access to account ... or if a sign-in occurs from an unexpected location, even where it's 'me'.
I mostly stay signed into eg my Google Account and would only use my existing password on the rare occasion when I may be signed out or activating account onto another device ... or maybe when travelling far afield and prompted by Google.
I assume this is the same if using a passkey?
Given that such a passkey is on my device (can be used across my devices??) then unless an unwelcome user has my device there's no way to get into my account?
Google plus others send eg emails should an unknown device gain access to account ... or if a sign-in occurs from an unexpected location, even where it's 'me'.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- PlutoniumLounger
- Posts: 16079
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Educate Me about Passkeys
To my mind this is a serious failing of applications such as FireFox that offer to save my login-details to my bank accounts. Someone who steals a laptop from my home can quite easily gain access to my bank accounts and choose a bank from my Finance menu in Firefox.
Cheers, possibly, Chris
You do not have the required permissions to view the files attached to this post.
The most expensive thing a man can own is ignorance.
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Hei Chris,
Agreed. They all want to be our save iors these days. I never use them for important accounts eg banks but am happy to avoid having to 'log in' every time I use Email via Gmail, Outlook or T'bird.
Agreed. They all want to be our save iors these days. I never use them for important accounts eg banks but am happy to avoid having to 'log in' every time I use Email via Gmail, Outlook or T'bird.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- PlutoniumLounger
- Posts: 16079
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Educate Me about Passkeys
but, but ... if some rogue steals my laptop, that rogue can, can they not, use my Finance bookmarks to visit each branch, tell the branch that "I've forgotten my password" and then set a new password with my/your access to Gmail, Outlook or T'bird?
Now I grant you (and others) that it seems to be mass-phishin/virus/malware attacks that makes someone like me vulnerable to a severe lack of funds, but the possibility of my house being raided and laptops stolen ("He's a computer-whiz; I bet he has a ton of resalable equipment in his house", thinks the drug-addict) is measurable in a place where a neighbour thinks nothing of walking into a shed, borrowing a tool, and returning it, often within the same month( )
I'm just contesting your statement that "there's no way to get into my account?"
Cheers, Chris
The most expensive thing a man can own is ignorance.
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Chris, if its that easy for someone to use your bookmarks and convince your bank 'its you' I think you should change banks
Here we enjoy (is that the word) apps on, say, a smartphone. If its stolen then firstly the perpetrator has to crack the phone security, then know your bank app code, then know your ID code etc. And that only permits them to move funds within your accounts or to pre nominated external accounts ... if funds are being transferred to theirs yet another password is needed.
All a bit of a struggle me thinks ... well it is for me
Here we enjoy (is that the word) apps on, say, a smartphone. If its stolen then firstly the perpetrator has to crack the phone security, then know your bank app code, then know your ID code etc. And that only permits them to move funds within your accounts or to pre nominated external accounts ... if funds are being transferred to theirs yet another password is needed.
All a bit of a struggle me thinks ... well it is for me
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- PlutoniumLounger
- Posts: 16079
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Educate Me about Passkeys
Methinks that it is time to change browsers!ChrisGreaves wrote: ↑14 Jul 2024, 10:23To my mind this is a serious failing of applications such as FireFox and Thunderbird.
A higher-level view is, of course, that in the past I have had FF set up so that I have to type or paste a password each time I sign in for a session of shuffling money around.
I don't think that is the fault of any one of the six financial institutions between which I shuffle money to make myself think that I am well off, as much as a failure between banks (which struggle to make it difficult to smash through barriers) and browsers (which bend over backwards to make it easy to sign in)
Cheers Chris
The most expensive thing a man can own is ignorance.
-
- UraniumLounger
- Posts: 9476
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Educate Me about Passkeys
Please tell me when I'm wrong, but I look at passkeys as 1-time ciphers which, if captured and stored by any party receiving them, will be useless for the next time access to an account at the receiving party is attempted.
???
???
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Panoramic Lounger
- Posts: 8386
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Educate Me about Passkeys
But Firefox doesn't make you save those details, you can choose the 'don't save' option.ChrisGreaves wrote: ↑14 Jul 2024, 10:23To my mind this is a serious failing of applications such as FireFox that offer to save my login-details to my bank accounts...
And if you have inadvertently saved a username + password you can click on the Hanburger icon, then select 'Passwords' and delete them.
Ken
-
- 4StarLounger
- Posts: 533
- Joined: 30 Oct 2010, 02:12
- Location: England UK
Re: Educate Me about Passkeys
I use Passkeys wherever possible. Lastpass Password Manager. I also use an Authenticator App (Google) If my pc gets stolen, they would also need to take my Smartphone.
Lastpass may have been Hacked but I lost nothing except time to update it.
Lastpass may have been Hacked but I lost nothing except time to update it.
If it wasn't for bad luck I'd have NO luck at all.
Windows 11 Home 23H2 Laptop
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Question from 'one who knows little'
If I establish a Passkey using eg facial recognition and my smartphone camera fails, can I delete the Passkey and startover
If I establish a Passkey using eg facial recognition and my smartphone camera fails, can I delete the Passkey and startover
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 12768
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Educate Me about Passkeys
A passkey is just like a password, but it is very hard to copy it and you have to store it somewhere. My password manager stores passkeys in the cloud so that I can access them from any device. The facial recognition is not part of the passkey, it is just the means that your device uses to protect access to the passkey.
If you forget your password can you start over again? The answer is that this depends on the place that issued the passkey, but it is usually quite simple.
If you forget your password can you start over again? The answer is that this depends on the place that issued the passkey, but it is usually quite simple.
StuartR
-
- PlutoniumLounger
- Posts: 16079
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Educate Me about Passkeys
Hi Ken, I agree, and have now removed all passwords except for a couple of technical forums.
That said, I will maintain that it seems strange to have one group of legal software designers (browsers) providing a way to save login passwords" and a second legal software team trying to increase security.
The question (for me) remains: How did I start saving passwords after all these years?
The answer might be senility (I've had that for YEARS!), or lapse of judgment under other pressures, curiosity, or more likely sheer laziness in my part.
Cheers, Chris
The most expensive thing a man can own is ignorance.
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Very useful thread to help my/our understanding of Passkeys. Thanks to all.
Interestingly I was just looking through some of my Windows 11 Settings and found that a Passkey has been 'created' on my Outlook for Windows account. But I do not recall creating such ...
Interestingly I was just looking through some of my Windows 11 Settings and found that a Passkey has been 'created' on my Outlook for Windows account. But I do not recall creating such ...
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- SilverLounger
- Posts: 2127
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Educate Me about Passkeys
Maybe a simple explanation of a Passkey ...
A passkey is a digital credential that provides a more secure and user-friendly alternative to traditional passwords. They are based on public-key cryptography and designed to replace passwords in the authentication process. Here's how they work:
1. **Public and Private Key Pair**: When a passkey is created, it generates a pair of cryptographic keys—a public key and a private key.
2. **Device-Based Storage**: The private key is stored securely on the user's device (e.g., smartphone, computer), while the public key is stored on the server.
3. **Authentication**: During authentication, the server sends a challenge to the user's device. The device signs this challenge with the private key, and the server verifies it with the public key.
Passkeys eliminate the need for users to remember and manage passwords, reducing the risk of phishing, brute force attacks, and other security vulnerabilities associated with traditional passwords. They also improve the user experience by enabling faster and more convenient logins, often using biometric methods such as fingerprint or facial recognition.
A passkey is a digital credential that provides a more secure and user-friendly alternative to traditional passwords. They are based on public-key cryptography and designed to replace passwords in the authentication process. Here's how they work:
1. **Public and Private Key Pair**: When a passkey is created, it generates a pair of cryptographic keys—a public key and a private key.
2. **Device-Based Storage**: The private key is stored securely on the user's device (e.g., smartphone, computer), while the public key is stored on the server.
3. **Authentication**: During authentication, the server sends a challenge to the user's device. The device signs this challenge with the private key, and the server verifies it with the public key.
Passkeys eliminate the need for users to remember and manage passwords, reducing the risk of phishing, brute force attacks, and other security vulnerabilities associated with traditional passwords. They also improve the user experience by enabling faster and more convenient logins, often using biometric methods such as fingerprint or facial recognition.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.