Educate Me about Passkeys

User avatar
BobH
UraniumLounger
Posts: 9532
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Educate Me about Passkeys

Post by BobH »

What should I know about passkeys? Are they secure? Can one safely replace passwords with them? IME not all sites that require user validation accept or use passkeys; passwords are more ubiquitous. Are there any down sides to using them?
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

User avatar
StuartR
Administrator
Posts: 12800
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Educate Me about Passkeys

Post by StuartR »

Passkey are very secure. They can't easily be copied so it's much harder for a hacker to compromise your account.

If you have multiple devices then you need to think about how you will store and manage them. It's probably best to use passkeys with a password manager that supports all the different devices you have.
StuartR


User avatar
BobH
UraniumLounger
Posts: 9532
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Educate Me about Passkeys

Post by BobH »

Thank you, Stuart.

I have been using Roboform for quite some time to manage passwords. I'll look into using it for passkeys, as well.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

User avatar
StuartR
Administrator
Posts: 12800
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Educate Me about Passkeys

Post by StuartR »

Roboform works well with passkeys
StuartR


User avatar
BobH
UraniumLounger
Posts: 9532
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Educate Me about Passkeys

Post by BobH »

Wow! How prompt that response was. Thanks again Stuart.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Not trying to hog your thread, Bob, but I am having a 'senior moment' trying to understand Passkeys.

I mostly stay signed into eg my Google Account and would only use my existing password on the rare occasion when I may be signed out or activating account onto another device ... or maybe when travelling far afield and prompted by Google.

I assume this is the same if using a passkey?

Given that such a passkey is on my device (can be used across my devices??) then unless an unwelcome user has my device there's no way to get into my account?

Google plus others send eg emails should an unknown device gain access to account ... or if a sign-in occurs from an unexpected location, even where it's 'me'.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16194
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Educate Me about Passkeys

Post by ChrisGreaves »

RonH wrote:
14 Jul 2024, 09:59
... then unless an unwelcome user has my device there's no way to get into my account?
Untitled.png
To my mind this is a serious failing of applications such as FireFox that offer to save my login-details to my bank accounts. Someone who steals a laptop from my home can quite easily gain access to my bank accounts and choose a bank from my Finance menu in Firefox.
Cheers, possibly, Chris
You do not have the required permissions to view the files attached to this post.
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Hei Chris,

Agreed. They all want to be our save iors these days. I never use them for important accounts eg banks but am happy to avoid having to 'log in' every time I use Email via Gmail, Outlook or T'bird.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16194
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Educate Me about Passkeys

Post by ChrisGreaves »

RonH wrote:
14 Jul 2024, 10:58
... happy to avoid having to 'log in' every time I use Email via Gmail, Outlook or T'bird.
:innocent: :innocent:
but, but ... if some rogue steals my laptop, that rogue can, can they not, use my Finance bookmarks to visit each branch, tell the branch that "I've forgotten my password" and then set a new password with my/your access to Gmail, Outlook or T'bird? :innocent: :innocent:

Now I grant you (and others) that it seems to be mass-phishin/virus/malware attacks that makes someone like me vulnerable to a severe lack of funds, but the possibility of my house being raided and laptops stolen ("He's a computer-whiz; I bet he has a ton of resalable equipment in his house", thinks the drug-addict) is measurable in a place where a neighbour thinks nothing of walking into a shed, borrowing a tool, and returning it, often within the same month( :evilgrin: )

I'm just contesting your statement that "there's no way to get into my account?" :innocent: :innocent:

Cheers, Chris
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Chris, if its that easy for someone to use your bookmarks and convince your bank 'its you' I think you should change banks :grin:

Here we enjoy (is that the word) apps on, say, a smartphone. If its stolen then firstly the perpetrator has to crack the phone security, then know your bank app code, then know your ID code etc. And that only permits them to move funds within your accounts or to pre nominated external accounts ... if funds are being transferred to theirs yet another password is needed.
All a bit of a struggle me thinks ... well it is for me :sad:
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16194
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Educate Me about Passkeys

Post by ChrisGreaves »

RonH wrote:
14 Jul 2024, 13:58
Chris, if its that easy for someone to use your bookmarks and convince your bank 'its you' I think you should change banks :grin:
ChrisGreaves wrote:
14 Jul 2024, 10:23
To my mind this is a serious failing of applications such as FireFox and Thunderbird.
Methinks that it is time to change browsers!

A higher-level view is, of course, that in the past I have had FF set up so that I have to type or paste a password each time I sign in for a session of shuffling money around.
I don't think that is the fault of any one of the six financial institutions between which I shuffle money to make myself think that I am well off, as much as a failure between banks (which struggle to make it difficult to smash through barriers) and browsers (which bend over backwards to make it easy to sign in)

Cheers Chris :gent:
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

User avatar
BobH
UraniumLounger
Posts: 9532
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Educate Me about Passkeys

Post by BobH »

Please tell me when I'm wrong, but I look at passkeys as 1-time ciphers which, if captured and stored by any party receiving them, will be useless for the next time access to an account at the receiving party is attempted.

???
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

User avatar
stuck
Panoramic Lounger
Posts: 8425
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: Educate Me about Passkeys

Post by stuck »

ChrisGreaves wrote:
14 Jul 2024, 10:23
To my mind this is a serious failing of applications such as FireFox that offer to save my login-details to my bank accounts...
But Firefox doesn't make you save those details, you can choose the 'don't save' option.

And if you have inadvertently saved a username + password you can click on the Hanburger icon, then select 'Passwords' and delete them.

Ken

User avatar
Ted Myers
4StarLounger
Posts: 547
Joined: 30 Oct 2010, 02:12
Location: England UK

Re: Educate Me about Passkeys

Post by Ted Myers »

I use Passkeys wherever possible. Lastpass Password Manager. I also use an Authenticator App (Google) If my pc gets stolen, they would also need to take my Smartphone.
Lastpass may have been Hacked but I lost nothing except time to update it.
If it wasn't for bad luck I'd have NO luck at all.
Windows 11 Home 24H2 Laptop

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Question from 'one who knows little' :scratch:

If I establish a Passkey using eg facial recognition and my smartphone camera fails, can I delete the Passkey and startover
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
StuartR
Administrator
Posts: 12800
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Educate Me about Passkeys

Post by StuartR »

A passkey is just like a password, but it is very hard to copy it and you have to store it somewhere. My password manager stores passkeys in the cloud so that I can access them from any device. The facial recognition is not part of the passkey, it is just the means that your device uses to protect access to the passkey.

If you forget your password can you start over again? The answer is that this depends on the place that issued the passkey, but it is usually quite simple.
StuartR


User avatar
ChrisGreaves
PlutoniumLounger
Posts: 16194
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: Educate Me about Passkeys

Post by ChrisGreaves »

stuck wrote:
14 Jul 2024, 18:12
And if you have inadvertently saved a username + password you can click on the Hamburger icon, then select 'Passwords' and delete them.
Hi Ken, I agree, and have now removed all passwords except for a couple of technical forums.

That said, I will maintain that it seems strange to have one group of legal software designers (browsers) providing a way to save login passwords" and a second legal software team trying to increase security.

The question (for me) remains: How did I start saving passwords after all these years?
The answer might be senility (I've had that for YEARS!), or lapse of judgment under other pressures, curiosity, or more likely sheer laziness in my part.
Cheers, Chris
The brain is a three-pound mass you can hold in your hand that can conceive of a universe a hundred billion light-years across (Marian C. Diamond)

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Very useful thread to help my/our understanding of Passkeys. Thanks to all.

Interestingly I was just looking through some of my Windows 11 Settings and found that a Passkey has been 'created' on my Outlook for Windows account. But I do not recall creating such ...
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
RonH
SilverLounger
Posts: 2175
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: Educate Me about Passkeys

Post by RonH »

Maybe a simple explanation of a Passkey ...

A passkey is a digital credential that provides a more secure and user-friendly alternative to traditional passwords. They are based on public-key cryptography and designed to replace passwords in the authentication process. Here's how they work:

1. **Public and Private Key Pair**: When a passkey is created, it generates a pair of cryptographic keys—a public key and a private key.
2. **Device-Based Storage**: The private key is stored securely on the user's device (e.g., smartphone, computer), while the public key is stored on the server.
3. **Authentication**: During authentication, the server sends a challenge to the user's device. The device signs this challenge with the private key, and the server verifies it with the public key.

Passkeys eliminate the need for users to remember and manage passwords, reducing the risk of phishing, brute force attacks, and other security vulnerabilities associated with traditional passwords. They also improve the user experience by enabling faster and more convenient logins, often using biometric methods such as fingerprint or facial recognition.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.