SN 975: 312 Scientists & Researchers Respond

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

1 Like

Great listener feedback in this ep. The TWiT listenership never ceases to amaze me.

While Passkeys have been marketed to the average consumer as a replacement for passwords, which they are, it also is very telling that most major companies are allowing multiple passkeys for a single account. The idea of having a single passkey that you share with all your incompatible devices using a password manager is great but a majority of people will not be doing this.

Most people will log in on a device, create a passkey for that device, and if they have another device that does not automatically share those passkeys (e.g., Apple or Google), they will create another passkey for that account.

If they have a limit on the number of passkeys for an account I doubt it will be 3 or 5, so I don’t see any issues. At some point I think a limit would actually be a good thing since it would force you to potentially deprecate old devices that you may not realize are still associated with that account.

There’s an interesting potential “attack” that the government could take here that would be more difficult with actual passwords. They could give a site a secret demand letter that demands to associate a government supplied passkey with a specific user account, and now they have side-channel access to that account as well.

2 Likes

It is also an additional security measure. If one device gets lost or stolen, you can log on from another device and remove the Passkey from the lost/stolen device.

1 Like

They can just demand access to the account. They don’t need a passkey.

That may be possible though.

1 Like