What are the risks of passkeys?
The risks of passkeys include the challenges of recovering them if a device is lost, the potential difficulties for users with disabilities or older devices, and the need for biometric authentication or other forms of verification, which can be inconvenient for some users. Additionally, passkeys may require extra software and hardware, and their implementation can be costly for businesses, making them a significant investment for companies looking to adopt this technology.
Understanding Passkey Risks
To delve deeper into the risks associated with passkeys, it’s essential to consider the following FAQs:
FAQ 1: What happens to passkeys if you lose a device?
They’re recoverable even if the user loses all their devices, thanks to cloud storage and end-to-end encryption.
FAQ 2: Can passkeys be hacked?
The private key portion of the key pair used in passkey authentication cannot possibly be stolen or hacked, as it doesn’t exist anywhere on a server and requires biometric authentication to be accessed.
FAQ 3: Are passkeys safe?
Passkeys make signing in more secure. They use public key cryptography, and the proof that you own the credential is shown to your online account only when you unlock your phone.
FAQ 4: Do passkeys require biometrics?
Passkeys can be used with biometric sensors, such as fingerprints or facial recognition, but they can also be used with a PIN or pattern, giving users flexibility in their authentication method.
FAQ 5: What are the cons of Google passkeys?
One of the cons is that passkeys can only be created using biometrics, which may be a problem for users with certain disabilities or those who prefer alternative authentication methods.
FAQ 6: Can passkeys be stolen?
Passkeys cannot be stolen, as they are securely stored on devices and in the cloud, and they require biometric authentication or other forms of verification to be accessed.
FAQ 7: Are passkeys phishing resistant?
Passkeys are phishing resistant, as they are a standards-based technology that doesn’t rely on shared secrets, making them more secure than traditional passwords.
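Passkeys are WebAuthn credentials, and the phishing resistance described above rests on the browser recording the origin it actually talked to. As an added example (not from the original page), this Python code runs the relying-party binding checks on an assertion's clientDataJSON and authenticatorData. The origin, RP ID, look-alike domain and sample data are constructed assumptions, and verifying the signature over these fields with the stored public key is assumed to happen separately.

```python
import base64, hashlib, hmac, json

EXPECTED_ORIGIN = "https://accounts.example.com"  # assumed RP origin, not from the page
EXPECTED_RP_ID = "example.com"                    # assumed RP ID, not from the page

def b64url(data: bytes) -> str:
    # Unpadded base64url, the encoding WebAuthn uses for the challenge.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_problems(client_data_json: bytes, authenticator_data: bytes,
                     issued_challenge: bytes) -> list:
    """Return reasons to reject the assertion; an empty list means the checks pass."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client_data, dict):
        return ["clientDataJSON is not a JSON object"]
    problems = []
    if client_data.get("type") != "webauthn.get":
        problems.append("type is not webauthn.get")
    # The challenge must be the one this server issued for this login attempt.
    got = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        problems.append("challenge mismatch")
    # The browser, not the page, writes the origin it was actually talking to.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # authenticatorData: 32-byte SHA-256 of the RP ID, 1 flags byte, 4-byte counter.
    if len(authenticator_data) < 37:
        problems.append("authenticatorData too short")
    else:
        rp_hash = hashlib.sha256(EXPECTED_RP_ID.encode()).digest()
        if not hmac.compare_digest(authenticator_data[:32], rp_hash):
            problems.append("rpIdHash mismatch")
        if not authenticator_data[32] & 0x01:  # bit 0 = user present
            problems.append("user presence flag not set")
    return problems

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample data shaped like a browser's response (no signature)."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    flags = bytes([0x05])  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    return client_data, auth_data

if __name__ == "__main__":
    c = bytes(range(32))  # constructed challenge
    for o, r in [(EXPECTED_ORIGIN, EXPECTED_RP_ID), ("https://login-check.test", "login-check.test")]:
        print(o, binding_problems(*constructed_assertion(o, r, c), c))
```

An assertion produced on a look-alike domain fails both the origin and rpIdHash checks even when the user approves the prompt, which is the property a typed password cannot offer.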
FAQ 8: Do passkeys require Bluetooth?
You don’t need a Bluetooth connection to sign in to an account with the same device that was used to create your passkey, as your device will ask you to authenticate using biometrics or other methods.
FAQ 9: How do I remove passkeys?
You can remove a passkey by going to your Google Account, selecting Security, and then Passkeys, where you can choose the passkey you want to remove and follow the prompts.
FAQ 10: Do I need a password manager with passkeys?
While passkeys may eventually replace passwords, they won’t replace password managers, as these tools will still be essential for managing and storing passkeys and other sensitive information.
FAQ 11: Are passkeys better than passwords?
Passkeys are safer and more secure than passwords, as they use public key cryptography and don’t store sensitive information on servers, making them less vulnerable to hacking and data breaches.
FAQ 12: What companies use passkeys?
Several companies, including Google, PayPal, Shopify, Instacart, KAYAK, Robinhood, and Adobe, already support passkeys, with more expected to follow in the future.
FAQ 13: Where are passkeys stored?
On Android, passkeys can be stored in the Google Password Manager, which synchronizes passkeys between devices signed into the same Google account, using end-to-end encryption to protect user data.
FAQ 14: Can Apple passkeys be hacked?
Apple passkeys can be recovered through iCloud Keychain escrow, which is protected against brute-force attacks, even by Apple, ensuring that user data remains secure.
FAQ 15: What is the difference between a passkey and a security key?
A passkey is a digital authentication method, while a security key is a physical device used for authentication, such as a YubiKey, with both offering passwordless and more secure sign-in options for users.