On The Subject of Pass Keys...do you use

My problem is who is the keeper of this biometric information.

In short, you are. The biometric information, fingerprint, face recognition, PIN, etc., is stored on your device.

I agree that the changeover to a passkey can be confusing, and I, myself, have resisted it for a while. However, it truly is safer than the typical password and/or 2FA method. Some long-winded details follow:

A passkey is kind of like a secret handshake. When you set up a passkey, two special "key" values are generated.

One is kept by the website and is commonly called the "public" key, because it really doesn't matter if someone else happens to get a hold of the public key, it's useless by itself.

The other is locked safely on your device and is called the "private" key, because it never leaves your device.

In simple terms, the two keys, via the magic of cryptography, recognize each other.

The web site issues a challenge to your device with a random number.

Your device may then use the biometrics to be sure that it's really you behind the keyboard; this is only unlocking access to the private key.

Your device then creates a digital signature using the private key and the challenge value, and then sends this signature back to the web site.

Again, using cryptographic math, the web site uses the public key, the challenge value and the signature to verify the validity of the response.

If all is well, then you're in. Your private key has never left your device.

As Columbo would say, "Uhh, one more thing...". The passkey is tied to a specific domain, such as xyz.com. If someone got access to the public key, and tried to use it from a scammy type domain (xyz-123.com), nothing would work.

This is simply the consumer-ization of public-private key cryptography, which has long been used in the IT (and other) worlds. When still working as a software developer, I had to use public-private keys to log in to any of the backend server systems that I worked on. However, we had automated tools that, once set up with the key pairs, pretty much made the process seamless.
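
The challenge, signature and domain check described in the post above, as an added Node.js example that is not part of the original post. It is a simplified model of the WebAuthn flow (no sign counter, exact host match only), and the function names are hypothetical; xyz.com and xyz-123.com are the post's example domains.

```javascript
// Added example: simplified model of a passkey sign-in, not a full WebAuthn implementation.
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Setup: the device makes a key pair for one site and hands over only the public key.
function registerPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, sitePublicKey: publicKey };
}

// Device side: sign the challenge, but only for the domain the passkey belongs to.
// Assumption: exact host match (real browsers also accept subdomains of the registered domain).
function deviceSign(device, origin, challenge) {
  if (new URL(origin).hostname !== device.rpId) return null; // lookalike domain: no passkey offered
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // Hash of the site's domain plus flags 0x05 (user present + user verified, e.g. by biometrics).
  const authData = Buffer.concat([sha256(device.rpId), Buffer.from([0x05])]);
  const signed = Buffer.concat([authData, sha256(clientData)]);
  return { clientData, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Site side: check challenge, origin and domain hash, then the signature with the public key.
function siteVerify(site, response, expectedChallenge) {
  if (!response) return false;
  const cd = JSON.parse(response.clientData.toString());
  if (cd.challenge !== expectedChallenge.toString('base64url')) return false; // replayed or stale
  if (cd.origin !== site.origin) return false;                                // signed for another site
  if (!response.authData.subarray(0, 32).equals(sha256(site.rpId))) return false;
  const signed = Buffer.concat([response.authData, sha256(response.clientData)]);
  return crypto.verify('sha256', signed, site.publicKey, response.signature);
}

// Constructed walk-through: a good login, a replayed response, and a lookalike domain.
function demo() {
  const { device, sitePublicKey } = registerPasskey('xyz.com');
  const site = { rpId: 'xyz.com', origin: 'https://xyz.com', publicKey: sitePublicKey };
  const challenge = crypto.randomBytes(32);
  const response = deviceSign(device, site.origin, challenge);
  return {
    login: siteVerify(site, response, challenge),
    replay: siteVerify(site, response, crypto.randomBytes(32)),
    lookalike: deviceSign(device, 'https://xyz-123.com', challenge) !== null,
  };
}

console.log(demo());
```

The private key is only ever used inside `deviceSign`; the site stores and uses the public key alone.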
 
I see a huge downside to passkeys then. What happens when a new device is involved. How complicated is it to get the system to recognize home is new?

I like Quickbooks. Used it in our business and for personal stuff. But every time I had to replace my computer I had to fight to get Quickbooks to recognize the new computer. So I quit using it.
 
I see a huge downside to passkeys then. What happens when a new device is involved. How complicated is it to get the system to recognize home is new?
And that is my biggest question, and one I don't have any answer for. I am staying logged in, but eventually the day will come I have to replace this laptop, then there will be an issue when I try logging into Hotmail.
 
You have to be careful. If you create a passkey on your phone it doesn't mean it will automatically work on your computer. I am fairly tech savvy and from everything I have read I still don't fully understand them and have heard less than stellar stories about them. Different sites handle them in different ways. The technology is still evolving and you could lock yourself out of that site.

Here is how AI put it for seniors who aren't that tech savvy using passkeys.

Confusing setup — the initial process can be unclear and vary by site/device
Recovery is harder to understand — if something goes wrong, it's not intuitive to fix
Device dependency — if the phone is lost, broken, or replaced, passkeys can disappear and cause lockout panic
Inconsistent experience — some sites handle passkeys differently, which adds confusion
Hard to get help with — most people around them (family, support lines) may not know passkeys well either

Bottom line for seniors:
They're probably not worth the transition stress right now unless someone tech-savvy is there to set it up and explain recovery options. And if they are truly tech savvy they will hopefully try and talk you out of it. The tech will mature and get simpler — passkeys aren't quite "grandparent-friendly" just yet. -Sonnet 4.6
 