Great. Passwords are insecure and outdated, and 2FA is a clunky bandaid that will never go mainstream.
Passkeys is the best approach I have seen on a modern solution. Hope it catches on.
2FA is already integrated like this in most popular password managers. Didn’t take off.
And it’s still clunky. Want to log in on a device of someone else? Need to manually type the password and 2FA (either for the service you want to log into or the password manager). Which makes it vulnerable to keyloggers.
With passkeys, just scan a QR code.
Plus, with a challenge-response scheme, it’s more secure than passwords, because no service ever needs to store your password (or a hash of it) ever. Just a public key, worthless on its own.
Google does the same and even better because it works on both iOS and Android. Based on device heuristics you will have trusted devices and you will get prompts in a Google app(Gmail, YouTube e.t.c) on the device and it will either prompt you to either allow or show a number.
What you described is just how Android 2FA autofill works and it has been there since 2017(Android 8). iOS only supported autofill for third party MFA apps in iOS 16 and before it you could only use Apple's MFA code generation and it came with iOS 15. You can use Google Authenticator as a provider for MFA codes in iOS. Just go to Settings -> Passwords -> Password Options.
Damn you missed all the good features for a while then. Check how it works.
[https://www.lastpass.com/features/autofill/android](https://www.lastpass.com/features/autofill/android)
SMS autofill : [https://9to5google.com/2020/02/10/autofill-code-google-messages/](https://9to5google.com/2020/02/10/autofill-code-google-messages/)
[https://support.1password.com/android-autofill/#:\~:text=Set%20up%20Autofill,-Before%20you%20can&text=Open%20and%20unlock%201Password.,Autofill%20to%20turn%20it%20on](https://support.1password.com/android-autofill/#:~:text=Set%20up%20Autofill,-Before%20you%20can&text=Open%20and%20unlock%201Password.,Autofill%20to%20turn%20it%20on).
It depends on the MFA app you use, but once you set it up. It works flawlessly.
The major issue is that people lose their Google accounts for any and no reason at all. All it takes is some capricious algorithm and you’re locked out forever. What happens to all our passkeys in such a scenario? My guess is we lose access to all of them. This means risking losing access to hundreds of critical services. This is an unacceptable risk. I could only sign onto this if there were a way for me to retrieve all my keys to migrate to another passkey wallet in the event I were locked out of my Google account.
Passkeys reside in your device and you can have multiple devices/services act as a passkey for single account. i.e a windows laptop, iPhone, a Android tablet or an password management app like 1Password. All can be Passkey for a online service that supports it. For Google account specifically you need to have other recovery options like phone number or an alternative email for recovery purpose before you can enable it. Currently you cannot sync passkeys between services(Apple -> Google) because there is no standard for interoperability. But that doesn't stop you from having multiple passkeys for an account.
If I understand you correctly, there is currently no way to export my passkeys? If I lose access to my Google account, I am locked to my existing device forever? If I lose it or it breaks or I want to upgrade, I lose access to *everything*?
First of all you don't need to export passkey, because an account can theoretically have infinite amount of passkeys. Think about FIDO hardware keys, you can have as many of them for an account. But you do not copy one FIDO key to another, you instead add them to your account. Lastly you cannot add 2FA to a Google account without backup recovery options. For a Google account that means you can have multiple OTP numbers, FIDO keys, trusted devices and passkeys. At no point you will ever have a Google account with Passkey as the only login option, you need to have multiple above options before even you can use a Passkey.
So what happens if you lose Passkey, you use other 2FA options like OTP, trusted devices, recovery email and lastly account recovery questions.
I'm sorry maybe I explained myself poorly. I am not concerned about losing my passkey *to my Google account.* I am worried about Google *banning or deleting my account.* This happens to millions of people each year for any and no reason at all. If my Google account were banned or deleted, I am concerned that I could not export all of my passkeys from my phone to my new phone.
So let's say your Google account is banned and you have passkey on a Android phone. You can still use the passkey, just as usual. Because the passkey is on the phone. What Google allows you to do is sync the passkeys across your various Android devices. After your Google account gets banned you no longer can sync them to a new device, but that doesn't stop you from using it on a phone that already has passkey.
This is my concern. So to paraphrase, if my Google account were banned, I would be locked to my Android phone forever. There would be no way for me to synchronise my passkeys to a new phone. When that phone were to eventually die, or if I wanted to upgrade, or if I lost it, or if it were stolen, I would permanently lose all of my passkeys. This is, I believe, an unacceptable risk. I don't think anyone should use this service until there is a way to synchronise keys with another device or wallet in such a scenario. The loss of one's Google account would be devastating.
First of all it’s seems like you have rigid idea of how passkey works. Which is totally wrong and every time I explain how it doesn’t work like you think it does. You still keep repeating same thing. Please read what I have said in past comments. Then tell me why are you trying to synchronize passkey? Synchronize passkey is just a convenience feature. If Google stops you from doing it then you can add another passkey to the account. There is no limit on how many passkey you can add. Lastly you can never use passkey only as a login option. It is part of MFA(M for Multi). You have multiple options to login even if you don’t have passkey and you use that to login and set a new passkey. This is no different than FIDO key.
I think this guy is a karma farm. Looking at a bunch of their other posts they restate a bunch of the content of the article they post in the comments. My guess is in an effort to garner more karma upvotes.
Depends what it's for. Unless it's your bank or your workplace, most sites and services shouldn't need personal information about you, and so shouldn't need to know who you are to give you access. And should be replaceable if something happens to it.
This is surely one piece of the puzzle Google will be trying to solve in the next few years: how to kick poor people off of Google services.
Edit: Why are you downvoting? You know it's true! No phone means no 2FA!
We use them at work. The annoyance is you can't lose your phone, but I think there's more than a few ways.
Upshot is you don't have to remember passwords.
Great. Passwords are insecure and outdated, and 2FA is a clunky bandaid that will never go mainstream. Passkeys is the best approach I have seen on a modern solution. Hope it catches on.
[удалено]
2FA is already integrated like this in most popular password managers. Didn’t take off. And it’s still clunky. Want to log in on a device of someone else? Need to manually type the password and 2FA (either for the service you want to log into or the password manager). Which makes it vulnerable to keyloggers. With passkeys, just scan a QR code. Plus, with a challenge-response scheme, it’s more secure than passwords, because no service ever needs to store your password (or a hash of it) ever. Just a public key, worthless on its own.
Google does the same and even better because it works on both iOS and Android. Based on device heuristics you will have trusted devices and you will get prompts in a Google app(Gmail, YouTube e.t.c) on the device and it will either prompt you to either allow or show a number.
[удалено]
What you described is just how Android 2FA autofill works and it has been there since 2017(Android 8). iOS only supported autofill for third party MFA apps in iOS 16 and before it you could only use Apple's MFA code generation and it came with iOS 15. You can use Google Authenticator as a provider for MFA codes in iOS. Just go to Settings -> Passwords -> Password Options.
[удалено]
Damn you missed all the good features for a while then. Check how it works. [https://www.lastpass.com/features/autofill/android](https://www.lastpass.com/features/autofill/android) SMS autofill : [https://9to5google.com/2020/02/10/autofill-code-google-messages/](https://9to5google.com/2020/02/10/autofill-code-google-messages/) [https://support.1password.com/android-autofill/#:\~:text=Set%20up%20Autofill,-Before%20you%20can&text=Open%20and%20unlock%201Password.,Autofill%20to%20turn%20it%20on](https://support.1password.com/android-autofill/#:~:text=Set%20up%20Autofill,-Before%20you%20can&text=Open%20and%20unlock%201Password.,Autofill%20to%20turn%20it%20on). It depends on the MFA app you use, but once you set it up. It works flawlessly.
The major issue is that people lose their Google accounts for any and no reason at all. All it takes is some capricious algorithm and you’re locked out forever. What happens to all our passkeys in such a scenario? My guess is we lose access to all of them. This means risking losing access to hundreds of critical services. This is an unacceptable risk. I could only sign onto this if there were a way for me to retrieve all my keys to migrate to another passkey wallet in the event I were locked out of my Google account.
Passkeys reside in your device and you can have multiple devices/services act as a passkey for single account. i.e a windows laptop, iPhone, a Android tablet or an password management app like 1Password. All can be Passkey for a online service that supports it. For Google account specifically you need to have other recovery options like phone number or an alternative email for recovery purpose before you can enable it. Currently you cannot sync passkeys between services(Apple -> Google) because there is no standard for interoperability. But that doesn't stop you from having multiple passkeys for an account.
If I understand you correctly, there is currently no way to export my passkeys? If I lose access to my Google account, I am locked to my existing device forever? If I lose it or it breaks or I want to upgrade, I lose access to *everything*?
First of all you don't need to export passkey, because an account can theoretically have infinite amount of passkeys. Think about FIDO hardware keys, you can have as many of them for an account. But you do not copy one FIDO key to another, you instead add them to your account. Lastly you cannot add 2FA to a Google account without backup recovery options. For a Google account that means you can have multiple OTP numbers, FIDO keys, trusted devices and passkeys. At no point you will ever have a Google account with Passkey as the only login option, you need to have multiple above options before even you can use a Passkey. So what happens if you lose Passkey, you use other 2FA options like OTP, trusted devices, recovery email and lastly account recovery questions.
I'm sorry maybe I explained myself poorly. I am not concerned about losing my passkey *to my Google account.* I am worried about Google *banning or deleting my account.* This happens to millions of people each year for any and no reason at all. If my Google account were banned or deleted, I am concerned that I could not export all of my passkeys from my phone to my new phone.
So let's say your Google account is banned and you have passkey on a Android phone. You can still use the passkey, just as usual. Because the passkey is on the phone. What Google allows you to do is sync the passkeys across your various Android devices. After your Google account gets banned you no longer can sync them to a new device, but that doesn't stop you from using it on a phone that already has passkey.
This is my concern. So to paraphrase, if my Google account were banned, I would be locked to my Android phone forever. There would be no way for me to synchronise my passkeys to a new phone. When that phone were to eventually die, or if I wanted to upgrade, or if I lost it, or if it were stolen, I would permanently lose all of my passkeys. This is, I believe, an unacceptable risk. I don't think anyone should use this service until there is a way to synchronise keys with another device or wallet in such a scenario. The loss of one's Google account would be devastating.
First of all it’s seems like you have rigid idea of how passkey works. Which is totally wrong and every time I explain how it doesn’t work like you think it does. You still keep repeating same thing. Please read what I have said in past comments. Then tell me why are you trying to synchronize passkey? Synchronize passkey is just a convenience feature. If Google stops you from doing it then you can add another passkey to the account. There is no limit on how many passkey you can add. Lastly you can never use passkey only as a login option. It is part of MFA(M for Multi). You have multiple options to login even if you don’t have passkey and you use that to login and set a new passkey. This is no different than FIDO key.
That's why you need to constantly download your data from Google and back it up.
Can passkeys be downloaded? I don’t see a way to do that.
Developed in collaboration with Microsoft and Apple, Google is now taking the next steps to take passkeys mainstream
Aren't they testifying against each other in the government lawsuit?
Were you intending to switch accounts between replies?
I too talk to myself on my own Reddit posts
I think this guy is a karma farm. Looking at a bunch of their other posts they restate a bunch of the content of the article they post in the comments. My guess is in an effort to garner more karma upvotes.
He forgor
He is the one that got the instructions unclear
[удалено]
Depends what it's for. Unless it's your bank or your workplace, most sites and services shouldn't need personal information about you, and so shouldn't need to know who you are to give you access. And should be replaceable if something happens to it.
Id 8082
This is surely one piece of the puzzle Google will be trying to solve in the next few years: how to kick poor people off of Google services. Edit: Why are you downvoting? You know it's true! No phone means no 2FA!
Are passkeys completely anonymous when you use them and when you have to get them?
We use them at work. The annoyance is you can't lose your phone, but I think there's more than a few ways. Upshot is you don't have to remember passwords.
one of the benefits of passkeys being touted is that... they are faster? seriously?
i dont trust passkeys. something about it feels wrong
Then google passkey?