Exploring Passkeys: A Step Towards a Password-Free Future

Written By Rogier Willems

Introduction

In the ever-evolving landscape of online security, there is a continuous search for more secure and convenient authentication methods. One such method gaining attention is the concept of "Passkeys." In this blog post, we will delve into the world of Passkeys, examining their features, advantages, and potential limitations.

What are Passkeys?

Passkeys can be described as a fusion of passwords and two-factor authentication (2FA). They serve as a combination of a password and a username, stored on a device that you own. Apple users can utilize the iCloud Keychain to store and manage their Passkeys. It is worth mentioning that in the future, Passkeys might also be supported by popular third-party password managers, such as 1Password, expanding accessibility across multiple devices.

Enhanced Security

One of the major advantages of Passkeys is the significantly reduced risk of username and password compromise. Sharing a Passkey with an unauthorized party becomes nearly impossible, as it can only be transferred through a direct airdrop from your device to someone in close proximity. This added layer of security minimizes the risk of password leaks and unauthorized access to your accounts.

Current Limitations

As with any new technology, Passkeys are still in the development phase and come with certain limitations. While seamless login experiences using Passkeys have been observed on iPhones and iPads, synchronization across devices is limited to Macs equipped with Touch ID. Additionally, Passkeys are currently supported by a limited number of websites, restricting their widespread adoption. Some users have reported occasional glitches where passwords still need to be entered, highlighting the need for further refinement.

Exploring Passkeys Further

For those eager to delve deeper into the intricacies of Passkeys, Steve Gibson's episode on TWiT Tech provides a wealth of information and insights. You can watch the episode here: https://www.youtube.com/watch?v=do1ZnKBOSP8

Considerations and Concerns

While Passkeys offer enhanced security, it is essential to address potential concerns. In an extreme scenario where access to all trusted devices is lost, regaining access to the Passkey database (i.e., keychain) may prove challenging. For example, reestablishing access to an iCloud account requires approval from another trusted device, along with entering a 6-digit code. Losing access to both the trusted device and backup options, such as a registered cellphone number, could pose difficulties. In such cases, alternative secure measures like 1Password, coupled with additional authentication factors like Yubikey, provide an additional layer of resilience.

Conclusion

Passkeys represent an exciting step toward a future without traditional passwords. While they offer notable advantages in terms of security and convenience, they are still evolving and face certain limitations. As the technology progresses, Passkeys have the potential to revolutionize authentication practices and pave the way for a password-free era.

Note: I will stay updated with the latest developments and recommendations from trusted sources regarding Passkeys and other authentication methods to ensure optimal security practices. To be continued….

Rogier Willems
Mac Genius dedicated to Apple Macintosh since 1999.
https://www.macexpert805.com
Previous

Force restart iPhone
Next

Apple Airtags