Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
I can see how passkeys can increase security by eliminating the need to define a password when setting up a new account. However, my preferred browser is Brave not Safari (many reasons), I store user id/passwords in a password manager not Keychain (and keep every password unique), and my Mac mini keyboard does not have TouchID. I really don’t see that passkeys will add anything for me.
I heard Leo comment negatively about passkeys on recent TWiT shows. Do we really think people who are ignorant or unconcerned about the importance of unique passwords will be interested in setting up passkeys?
I am a security expert, and I am not interested either. For me it’s two things. The first thing is that passkeys are really not portable at all, so they seem to have come up with the bright idea to put them in your phone (which they assume you have.) It’s very murky how exactly you will replace that phone and securely move your passkeys from the old phone to the new phone… especially if you decide you want to switch sides (from Android to Apple or the reverse.) And if you don’t have them in your phone, then when it’s time to update your PC or refresh it, how do you back up your passkeys on the old OS installation and restore them into the new OS installation?
The second thing is that it feels like Google is trying to use the passkeys to tie together information about you. If you use your phone to scan a QR code to log into a site on a desktop PC, then I feel (maybe without proof) that Google will extract additional information from this process to link you to that desktop PC session. I’m sure the same thing applies to Microsoft and Apple as well. I don’t really want to involve the FAANG+M’s in my logins with other services unrelated to them, if I can really help it.