A lot of services support passkeys. Microsoft even has an option to make my account “passwordless”. Since they are more secure than passwords, will you be switching some / most of your accounts to passkeys any time soon? Interested to hear everyone’s thoughts on passkeys. 🔑
Passkeys as password replacements reduce the total factors required to login to a service. If you use 2fa for all your services anyway then passkeys are a downgrade. That’s why so many people are angry they are having security options removed.
For people who use the same username and password everywhere, then passkeys are a upgrade.
So normal people get a benefit from passkeys in exchange for getting locked into a ecosystem.
For security minded people I hate passkeys.
I WANT my logins to be something I know, something I have, and something I am. Password, hardware key, biometric unlock of key.
I don’t mind passkeys existing, but I HATE that services are replacing hardware key flows with passkey flows. I want to use my hardware key as fido2 not as a passkey. I don’t want to downgrade my security! Microsoft makes it impossible to use a 2fa hardware key as a second factor now, only as a passkey, that’s strictly worse then before.
To be fair, there is a “something you know” factor - the passphrase for the database containing the passkeys. But I kinda do wish they were more easily password-protected individually, like how you do with SSH keys. You can have a separate database for each passkey I guess… But yea, inconvenient.