Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • aksdb@lemmy.world
    6 months ago

    If only companies wouldn’t be patronizing ass hats about it. A few sites deny storing passkeys in software wallets because of “security”. So what, keep using my password is safer now? Fucktards.

  • johannesvanderwhales@lemmy.world
    6 months ago

    I highly recommend using something like Bitwarden or 1Password (which can manage both passwords and passkeys), and then generating a passphrase using a method like Diceware. If you’re paranoid you might prefer rolling your own with KeePass, but for most people that’s going to be a lot of work. I think 1Password’s model is about as secure as you could hope for while still trusting a 3rd party. Definitely avoid LastPass. In addition to widely reported breaches, they don’t even fully encrypt your data; only the password portion is encrypted while usernames and site data are plaintext.

  • Heavybell@lemmy.world
    6 months ago

    Until someone can explain to me how I can transfer, manage and control my passkeys without syncing them to some hostile corporation’s cloud infrastructure, passkeys will remain a super hard sell for me.

    • TreeGhost@lemm.ee
      6 months ago

      You can use Bitwarden to store passkeys. Not sure if the self-hosted solution has support for it yet, though.

      • TheOneCurly@lemm.ee
        6 months ago

        Vaultwarden does at least; I’ve been using it with passkeys for the last couple of months and it’s been great.

      • sailingbythelee@lemmy.world
        6 months ago

        I must admit that, despite reading about passkeys a bit, I still don’t understand the actual practicalities. I seem to recall that Bitwarden can store keys, but can’t generate them. If that’s true, who generates the passkey?

        • Spotlight7573@lemmy.world
          6 months ago

          Bitwarden can both generate and store them in the browser extension. It can also use them through the browser extension but it can’t yet use them through the mobile apps (they’re working on it).

          • Zeroc00l@sh.itjust.works
            6 months ago

            Bitwarden pro right? ($10 for the year, totally worth it). My mobile app can create/use them already too.

            • Spotlight7573@lemmy.world
              6 months ago

              Don’t need the premium version of Bitwarden to use passkeys. The free version works.

              That said, $10 per year is not a big cost to support the company storing your vault and developing the apps.

  • 0nekoneko7@lemmy.world
    6 months ago

    People are making things more complicated than they already are. I simply keep my passwords and passphrases inside my memory.

    P.S. My password is not ‘Password123456’

    • LastYearsPumpkin@feddit.ch
      6 months ago

      There’s no way for the average person to keep up with remembering unique, strong passwords for all the sites that require them.

      You either have to write it down, save it in a password manager, reuse passwords, or have simplified passwords or patterns.

  • fosstulate@iusearchlinux.fyi
    6 months ago

    Vendors will use passkey implementations as vectors for lock-in. Guaranteed. Workplaces need to accept BYO.