←back to thread

225 points Terretta | 1 comments | | HN request time: 0.205s | source
Show context
jakub_g ◴[] No.41863841[source]
Something that is not clear to me about passkeys and makes me uneasy to start using them:

Are passkeys replacing passwords, 2FA, or both?

What if I created a passkey on some device, lost that device, and my passkeys aren't cloud-backed-up? Would I be able to recover my account, or it's doomed? Or does it depend on how a given website implemented it?

replies(6): >>41863858 #>>41864360 #>>41865277 #>>41866433 #>>41866779 #>>41866793 #
lovethevoid ◴[] No.41864360[source]
Two things:

You kind of have to go out of your way to not have your keys backed up. By default, the easiest route is using your android or iphone and both of them back the keys up using icloud Keychain or google password manager. 1Password, bitwarden, all support syncing. Chrome will allow saving it to icloud or your google account. Keepass can be manually synced. Windows is adding sync in the next update for windows hello. List goes on.

The other thing is that multiple keys can be created. Easiest way to see this in action is google's account security settings. Log in (if you have an account), hit create passkey, see your options and play around with them. You'll also see you can add a hardware security key too, which isn't nothing new but if you have one that's another key that doesn't rely on a mobile device!

If all else fails, the usual account recovery process applies. Much like it would if you forgot your password.

replies(3): >>41865248 #>>41866073 #>>41875709 #
Fire-Dragon-DoL ◴[] No.41865248[source]
So we still need a passkey + second factor, isn't that the case?

And if my google account gets banned, I lose access to a trillion things instead of just one.

I was hoping passkeys would work on 1password,but chrome/brave don't support that yet.

It seems like a passkey is just a password though

replies(2): >>41865701 #>>41866973 #
chrchr ◴[] No.41866973[source]
A key difference between a passkey and a password is that a passkey is never transmitted off of your device. The existing tech that they most resemble is ssh keys.
replies(3): >>41867537 #>>41871031 #>>41885812 #
zigzag312 ◴[] No.41867537[source]
How does Google Password Manager sync your passkeys then?

EDIT: Private key is not transmitted off of your device when authenticating, but it can be transmitted off of your device by your password manager.

"The difference between passkeys and passwords is that passkeys are cryptographic key pairs. The key pair is specific to a website. One half is shared with the website, and the other half is private and stored on your device or in your password manager." [0]

"Passkeys are securely backed up and synced between your Android devices" [0]

"Passkeys are stored in your Google Account..." [0]

"Your iCloud Keychain stores and syncs them [passkeys] between iOS, iPadOS, and macOS devices." [0]

[0] https://support.google.com/chrome/answer/13168025

replies(2): >>41869313 #>>41870704 #
1. e40 ◴[] No.41869313[source]
And the interaction between the thing that generates the passkey and my password manager is very confusing. I got multiple popups and it wasn’t completely clear which was chrome ans 1password.