1:57 If the passkey is stored on the device, what happens if that device is lost or stolen?...how would you retrieve your accounts before getting a replacement device 2:54?...this should have been included in the video!

@mokiloke

11 ай бұрын

I believe you would log on using another device you have like laptop, which assumes you have one.

@janAkaliKilo

10 ай бұрын

​@@mokilokethen what should you do if you lose all your devices in the flood, fire or other emergency?

@ozordiprince9405

10 ай бұрын

​@@hnv151so once you lose your iCloud account to an attacker. They have all your PassKeys as well??? Unless you use a passkey to sign in to your iCloud account. Therefore creating an infinite loop of lost passwords

@vashlex

9 ай бұрын

This is what I want to know too: Right now it is intransparent where the private key actually is and where it is backed up. How can I ensure my personal privacy without to rely on Google or anyone else but myself.

@rssaini01

8 ай бұрын

Then the backup codes came into the picture.

So with passkeys, it is only your device PIN/password that protects everything. If a criminal steals your device and gets into it, they automatically have access to all the accounts that use passkeys as they have control of your device on which the passkeys are stored. With passwords and 2FA, the criminal steals your device and gets into it but they still can't access anything without cracking your password manager AND the authenticator app that generates the 2FA keys.

@DroisKargva

7 ай бұрын

This ^

@DroisKargva

7 ай бұрын

So it seems like 2FA with TTOP seems more secure?

@jaredyalves

6 ай бұрын

In a cybersecurity way, it's less secure. TOTP is susceptible to real-time phishing attacks. @@DroisKargva

@jaredyalves

6 ай бұрын

Let's use a phone as an example. What about if you have sensitive photos inside it? Already connected accounts? If they have the device and the password, they can already get that information. The idea of passkeys, as I think, is to help with cyberattacks, as for right now it is the best secure way to connect to an account online, but of course, everything has ups and downs. If you just lost your phone, they can't get you passkeys, YOU would have to give it to them.

@tommylehomme8695

6 ай бұрын

Passkeys require confirmation before using them, so the device will have to be unlocked twice. Same as with your 2FA scenario.

Passkeys are still confusing. Does the passkey I use in Chrome on my Windows computer work on my Mac? Does the passkey I use on my Mac work on my Windows computer? Do Chrome passkeys propagate on my Google account, my Apple Keychain, 1Password, Lastpass, Bitwarden? Are they shared? If I wipe my hard drive and reinstall the OS, do I have to create new passkeys? Can I back them up to local-storage? When I do a security audit, is the fact that I have half-a-dozen passkeys for one website bad, or is that okay? Did I make them, or did somebody else? If I delete them will I get locked out? Do you see how this can be confusing for people?

@echongkan01

3 ай бұрын

Passkeys are Device + Platform wise. e.g. each passkey is a combination for Browser + Website, BUT, depending on the platform and user settings, the same passkey can be used in a different device, like a phone, to grant access to the SAME platform in a different device ( around min 3 is explained )

@WilliamPorterTech

3 ай бұрын

By default, passkeys are device specific. Not OS-specific. Certainly not browser or application specific: DEVICE specific. So if you set up a passkey in (say) Chrome on your Windows laptop, you'll be able to use it immediately in Edge or Brave or Vivaldi ON THE SAME MACHINE. How's that work? Well, using a passkey in Windows basically ties into Windows Hello. But you will NOT be able to use that passkey on another Windows computer or any other computer: You'll have to recreate it there, too. Not a big deal. But that's the way it works - by default. I say "by default" because it's now possible to store passkeys in other places, including some password managers. NordPass, for example, can store your passkeys. Now the passkey's authentication process gets moved from Windows Hello on the specific device to NordPass's own method (which, just to keep you confused, might be Windows Hello on that specific device!). Advantage of using your password manager to store passkeys is that you don't have to create them on other devices. If you use a lot of different devices to access the same accounts, this MIGHT be a small help. But if you only use one computer and one phone, then storing passkeys in your password manager isn't really any easier. But seriously, after you create just a couple of passkeys, you'll realize that the process is quite easy. If the passkeys are created on your devices, then you're getting the benefit of hardware authentication. Give your password manager a really good (long, strong, unique) password and then DON'T USE IT unless you have to. That's why, although I work on a lot of different devices, I create the passkeys locally and I do NOT use NordPass (my main password manager) to store them. NOTE that sites with good support for passkeys (like Google) will allow you to rename your passkeys. When I log into my Google account on a new device, I create a local passkey for that device (again: doesn't matter which browser I do this in) and then I rename it immediately (e.g. I change "Windows Hello 3" to "Surface Pro 9"). That way I can tell, in the manage-your-account area in my Google account settings, which passwords are for which devices. If I sell a computer, I remove the passkey.

@majorgear1021

2 ай бұрын

@m57-ux3ngCrickets

Understanding passkeys are really easy and I'm currently using it today. This is the next gen of passwordless feature

Two questions: 1. What happens if a user loses their phone? 2. For a legitimate reason, like aiding someone who was injured, how can you access an account you have permission to use but they aren't in the same room as you?

@Bless3757

6 ай бұрын

Synced Passkeys are an option, which can be synced to your devices using a Google/Apple account or (preferably imo) using a password/passkey manager like Bitwarden or 1Password

@tommylehomme8695

6 ай бұрын

1. In practice, both Google and Apple have your private keys in the cloud, like they do your passwords now. 2. Impossible for now.

@portman8909

4 ай бұрын

You can still make emergency calls without account access. There is no legit reason to gain access

@matheusvportela

4 ай бұрын

@@portman8909 I don't think that was the question. Consider your mom had an accident and is in a hospital. You need to login to her email to retrieve some information for her while she can't. How could we get this legitimate access done?

@letsgocapsbeatpens

3 ай бұрын

Passwords are still there. The presentation doesn't say that, but you'll still have a password to your account if you can't get in using a passkey.

If during travelling I want to login (in an internet café) to a site that supports only passkeys and my phone does not have internet, how it can be done? What if a desktop does not have bluetooth?

@syawkcab

7 ай бұрын

You would get a code from your phone that you copy into the browser

@michaelstrelnikov

7 ай бұрын

@@syawkcab I don't think it works that way. And you still need a connection between desktop and a phone to even initiate the authentication.

so generally speaking, the mobile device is the single point of failure? if an attacker gets access to users phone and pin, then the whole system is compromised, including any and all services where a passkey is used?

@nosrehcorporation

3 ай бұрын

No as when you move to weird location or have different habit it will be detected and google you ask you one more "pass" sms or fingerprint, or to proof clicking in another device you have etc.

@OkayOnyx

2 ай бұрын

Yep I have some guy who logged into my alt account and I can't up my security bc google insists on pass key and everything I enter the key google says its wrong

@OkayOnyx

2 ай бұрын

Can't get the guy off my email

If i lost my phone or got stolen? What do i do then?

@ro794

2 ай бұрын

Pray lol

@fabiandrinksmilk6205

2 ай бұрын

Recovery codes. It's the same as when you setup 2FA with an authenticator app. You get 10 or 20 codes that are one-time use for recovery. You simply write them down and store them somewhere save so when you do lose your phone or security key, you can simply enter one of those codes to get into your account again and setup a new method for login.

I wanted to give this a try but aside from the video not actually showing me how to use pass keys it also does a bad job convincing me it's any more secure than what using bit warden or another password manager.

@DroisKargva

7 ай бұрын

bitwarden also will start using passkeys to logg in into master password (most likely at the end of this month). I still think 2FA seems the safest choise tho.

@TheRythimMan

7 ай бұрын

@@DroisKargva I read about that but how to use it was still never explained so I'm probably not going to use pass keys.

@fabiandrinksmilk6205

2 ай бұрын

The reason why it's safer than a password manager is because there are no passwords at all. You can have the safest password manager, but if you stumble on a phishing site or a website gets breached, an attacker has that strong password. Passkeys use either your devices' internal TPM security chip or a USB security key with such chip to store a private key, the private key never leaves the chip and isn't stored in the normal filesystem. If you do get onto a phishing site and try to use your passkey, the information that an attacker gets is useless.

@TheRythimMan

2 ай бұрын

@@fabiandrinksmilk6205 hi. Thanks for explaining this. You seem like you know what passkeys are. So does that mean I physically need my device to log in to websites using a passkey? What if I lose my device or it is broken? Will I be locked out? Will I only be able to log in from THAT device? If someone takes my device will they be able to log in to websites since "they have my keys?" If there are no usable USB ports on the device I want to log into how would I log in if my passkey is on a USB? Since watching this video only two websites have asked if I want to use passkey but I declined because I didn't understand and the websites still never really explained what they were going to be doing and I don't want to accidentally lock myself out of my accounts the way my grandma accidentally locks herself out of her iPhone. For now I'm relying on 2 factor authorization, which I understand how that works and know how to get around if I lose a device.

I really like the idea of passkeys and changed my password into a very complicated one, expecting, that I would only need it as a backup, if ever. But it is a annoying, that login to a chromebook (not unlocking screen) still requires a password. And in my opinion this contradicts the whole idea. I mean, I have my smartphone next to me and I can use it to log in to my google account on a chrome browser on any windows system. Why not on a chromebook, googles own system?

@RobinNashVideos

10 ай бұрын

This is "largely due to the way ChromeOS encrypts data at rest residing on the Chromebook itself, specifically the decryption key being tied to the password" (from an Ars Technica article) I agree that it's quite a nuisance, but ChromeOS simply wasn't built with passkeys in mind, and so their introduction will require more time as, from what I understand, a low-level fix needs to be implemented, which could require restructuring the OS' entire encryption system. It'll take time.

@RealOne68

8 ай бұрын

Real

@Comments_From_All_Channels

7 ай бұрын

Fingerprints get hacked unless you use mark of the beast

but for it to be synced with other devices would mean that the private key does get stored on a Server, on Google servers which are still Server

@tommylehomme8695

6 ай бұрын

Same with the Google password manager, or indeed any password manager

@metaltyphoon

4 ай бұрын

⁠​⁠@@tommylehomme8695that’s not true at all. Bitwarden has zero knowledge architecture. Anything sent to them has already been hashed. They dont store private keys.

If someone adopts Passkeys, should they delete all other methods of authentication they used previously? For instance, Google Prompts? Could someone exploit/intercept Google Prompts if used at some point despite the fact that we set up Passkey?

@MartinRusnak

7 ай бұрын

Yes

@fabiandrinksmilk6205

2 ай бұрын

If you have multiple ways to login, the weakest option ultimately determines the security. You should simply think about what works for you and how you would recover your account in case you lose or forget a method. Ideally, you should delete the other methods and write down the recovery codes to store somewhere save. That way you use your passkey for your daily login, but in the event of you losing a passkey device, you can use a recovery code.

So you are using 2fa and remove the password part?

@not_vinkami

2 ай бұрын

No. This is just single factor authentication, but this single factor requires a physical device so online hackers are out of the way.

@fabiandrinksmilk6205

2 ай бұрын

It's not that 2FA is bad, it's just that it's too inconvenient for many people. Passkeys is a hardware-backed alternative to passwords, which prevents phishing attacks and like the video said, saves a lot of money for companies with costumer service that needs to reset people's password or for anyone with damages from getting hacked.

Is a passkey a physical key that plugs into a USB port as i have seen these on KZread to but i just don't understand them at the moment. i have got eBay asking to sign up with passkey and tells me to insert it in a USB port on my PC. trouble is i don't have one and they don't even tell you what one is. also on some KZread channels you have to carry it around with you everywhere and they even tell you to back it up on another key which are not even sync together, so if you add another account it looks like you would have to do it on each device every time. As i say i don't understand it at the moment so i may be misinterpreting it all.

@fabiandrinksmilk6205

2 ай бұрын

Passkey is just a new term for different ways to login other than passwords. This video focused on a new form of passkey, which is the security chip (TPM) already inside your device, but USB security keys like the Yubikey do the same, but as a pluggable device that you can take with you and use on different devices. When it comes to backup, you actually don't need to buy 2 USB security keys. Instead, the website you setup 2 factor authentication or passkeys gives you one-time recovery codes. When you lose your security key, you go to the website and try to login and when it tells you to use your security key, you select recovery code instead so you can get into your account to block that security key and setup a new one.

@vmobile890

2 ай бұрын

@@fabiandrinksmilk6205 yes i got that also not the yubico key . now there is another key but not a object more to study .

As a developer, this sounds very suspicious and kind of inaccurate. It kind of just sounds like automated ssh key generation and exchange, which is inherently single factor authentication. And if you lose the private key, you are screwed. The only way I can fathom this kind of working is if keys have to be generated per device. Even then, you need a second way of logging in.... such as a password. An existing login session providing key management is still one single factor. Then again, the explanation/example just was not clear enough on exactly what data is exchanged and stored.

@WilcoVerhoef

11 ай бұрын

There's a white paper by the fido alliance that you can read.

@Mallchad

10 ай бұрын

It's an oversimplifcation, not 100% sure but I understand when you try to login it will prompt you to recognize some code, like a QR on a device you own. And authenticate with an existing (possibly local) method, like fingerprint. Yes, the keys *are* generated per device and are easily revokable if the account manager allows it. The way its setup it's 2 factor by default. Phone, fingerprint, account QR code to scan. It's kind of a lot and rather inconvenient if you don't carry around a device constantly. The second way of logging in is already covered by Google and they still allow you use passwords but this doesn't apply to other companies, it also may change in the future. The thing that concerns me is I'm not sure how they plan to impliment the "use this code to authenticate with passkeys" thing and passkeys management. It's a bit inconvenient to use a QR code the way its setup right now, not super reliable. and a bit liable to abuse if its implented too naively. Also transfering passkeys to other devices looks like an early problem. Same with 2FA

@jamestemple8970

7 ай бұрын

I'll stick with passwords. Why fix what ain't broken?

@JoelPeltonen

7 ай бұрын

​@@jamestemple8970 I think this thingy is geared towards businesses and organizations, where there certainly are issues with passwords. In orgs a huge security issue is reusing passwords - it's de facto impossible to check if someone is reusing their workstation password at an online casino or their self-hosted wordpress blog or such. People also forget passwords all the time, and in a corporate or educational setting resetting passwords is often not trivial :/ A third issue with passwords is sometimes users have to be stopped from having access to resources, such as a compromised account or when a user leaves an org. If just username/password access is used, that can be an organizational challenge. I bet I still would have access to things like internal file sharing, bug tracking and web servers and such if I chose to remember the passwords of them.

@ktwingstrom

6 ай бұрын

Because they are broken @@jamestemple8970

Is the key actually generated for the biometric or the Google account? Because if I create a secret key with my face scan, then lose my device and do another scan, I HIGHLY doubt it will generate the same exact face scan, so how can I now log in?

@boksorunfedaisi6287

5 ай бұрын

You're right, every biometric scan will produce a different output so they can't be used to generate keys. It's used more like an authentication rather than a seed for key generation.

Can you still use your regular Password even though you have a Passkey? Is the Passkey an OPTION?

Passkeys could only be used as a convenient way to login, but can not replace the password + 2nd factor because eventually if all devices are gone/lost, there is still a need a way to authenticate users using something stored in their mind (pass) plus some 2nd factor like a SMS code (get a another new device with new sim card but old number, or from another email account). Once things are recovered from that pass + 2nd factor, the new passkey pair could be established and save for future use of password.

@martijnvanderwal3976

13 сағат бұрын

Yeah I mostly agree. Passwords will never be truly gone. But they should be rare, you should only have a handful of password to very important accounts/devices. I looked in my password manager, I have 500 passwords. 490 of them could easily be replaces by a passkey.

Understand ???? This has so little information it's ridiculous!! And not a single word about how it keeps either half of your passkey private!!

@cyphi1

Ай бұрын

it's like SSH public/private key authentication.

So basically passkeys are just the same type of public/private key encryption we had for ages? Back then you had to manually add private keys to your browser to use them to authenticate and rarely any website actually used that technology to authenticate. So the "new" thing is that it's more comfortable now?

@fabiandrinksmilk6205

2 ай бұрын

The new thing is the open source standard and the widespread use of security chips or TPM chips. The private keys are stored in that chip securely instead of your normal filesystem.

The narrator voice volume is hard to listen, it goes from very soft to loud.

Passkey does not work when I log in from Settings > Accounts (Note: Chrome also works)

Will the average person know how to backup their passkeys or keep them synchronized between devices/operating systems?

@DroisKargva

7 ай бұрын

@@daniel.s8126 user 1234

@jamestemple8970

7 ай бұрын

@@daniel.s8126 It's not brain surgery.

@tommylehomme8695

6 ай бұрын

Google, Apple and third-party password managers will take care of that

This video is fine, but you NON Stop repeating the word - Device and you mean Smartphones. What about the Computers - Desktops and Laptops. Where is the biometric in the most common PC with Windows? As a Mac user, I can tell you - the most of Desktop PC users don't have any form of biometric recognition on their Desktop machines.

@majorgear1021

2 ай бұрын

This. While my Macbook had a fingerprint scanner, I use it 98% in clamshell mode with external keyboard/mouse/display. No biometric scanner available.

@ArijitBanerjeeArley

12 сағат бұрын

I believe they mentioned, that device PINs, Patterns or Passcode would work as well. From 2:00 to 2:10 Also, a person should be able to scan a QR code and use their mobile device to scan and verify using biometrics using the hybrid method (as mentioned in the video)

If we use google password manager to sync across devices that means these keys can travel on the internet. And what if i switch from google password manager to other service?

@ZohaibMasood1

9 ай бұрын

iCloud chain already supports passkeys so you can generate one for that. Also, 1Password is coming up with passkeys support you you can use something like that for cross platform.

Why didn't passkey replace both the user name and the password, sometimes users struggle remembering the username and since the technology is capable of bypassing a username , why not?

@tommylehomme8695

6 ай бұрын

They will eventually, there is no need for the username in the traditional sense now

Hey what do you cost / money by 2step Authifiacation?

How exactly does it work on desktop without fingerprint reader? Do I need to keep scanning codes with my phone?

@nicolasparada

11 ай бұрын

Pin.

@jayantrohila

11 ай бұрын

same way you unlock your desktop.

@jamestemple8970

7 ай бұрын

@@jayantrohila But I don't ever unlock my desktop. Why would I? I also don't lock my phone.

@jamestemple8970

7 ай бұрын

@@nicolasparada What is the difference between a pin and a password?

@nicolasparada

7 ай бұрын

@@jamestemple8970 that the pin is local to the device.

I can't believe how confusing this video is. You present the technical mumbo-jumbo but don't provide a single example.

so basically, passkey is the master password of a password manager with auto fill. passkey is your device PIN/face id/fingerprint etc, right?

@martijnvanderwal3976

13 сағат бұрын

No 😅. Passkeys are a replacement for passwords. Once created you can use them by unlocking your device (that's where the face id/fingerprint comes into play). Also don't think of them as a master password, each account to each website could have it's own passkey.

Hmmm. I wonder what benefits a unique identifier provides the authenticator...

@purpinkn

7 ай бұрын

Advertising ID

yeah, but what happens if you lose your devices? You get locked out without those, right? not everyone has a phone, etc.

@portman8909

4 ай бұрын

You’d probably get a recovery code in case you lose the phone

Is google pw manager still keeping encryption key along the encrypted passwords? Then what's the point with this?

@_Hespro_

11 ай бұрын

Phishing protection. And it's easier to push normies using passkeys than a password manager.

@Mallchad

10 ай бұрын

@@_Hespro_ password managers aren't super strong because they don't strictly prevent phising attacks, just make it slightly more resistant if it has a safe autofill. Worse password managesr are liable to database breaches where as passkeys are very *very* strongly compromise resistant since the authentication credentials are local only. and *encoraged* to use biometric backing

@Comments_From_All_Channels

7 ай бұрын

Fingerprints get hacked unless you use mark of the beast

@Mallchad

7 ай бұрын

@@Comments_From_All_Channels having a fingerprint is useless in passwordless because its tied to an authenticator with 1 device. only maybe being at risk if you break both a cloud backup of the pairing, and phish a fingerprint, and restore the backup without it being flagged, and don't get kicked out for using a new device

what if i lose my device? And also how i can setup google on a new if i will be passwordless after a lose.

What if a fire destroyed my home and I lost everything? Let's assume I don't have a home anymore, let alone my smartphone. How would I deal with that? At least with password managers as long as I remembered one long passphrase I was good to go even after a disaster, now I guess I should prove my identity sending my ID to Google, that would be a long process and it would even go against my privacy. It looks like you solved a problem by introducing thousands more, very nice

@DarkH4X0

11 ай бұрын

(the sending my documents part would be a long process considering that as I mentioned I would have lost everything in that situation, so it would take quite a while even just to get those documents printed and delivered back)

@agektmr

11 ай бұрын

@@DarkH4X0 All you need is a new device, an ability to sign in to your Google account, then the PIN of your previous device to resurrect the passkeys.

@Mallchad

10 ай бұрын

Account recovery isn't going away, phone carriers can help you recovery your mobile number and backups can help you get access to your passkeys. The passkeys should be unlockable with biometric data so importing directly from a backup should be possible in future. Google aren't removing password logins *for now*

What happens if your device break or gets lost? What happens if I want to login to an account on my PC rather than phone?

@AlexMetslov

7 ай бұрын

You OKAY there? I will add then more complications. Also, what happens if you break your fingers and burn off the face? How do you validate your identity then? And if police will believe your relatives, what if you kill all your relatives and friends? How can you validate then? If you still have workplace, what if it burns down and everybody will burn along the building? How can you verify then?

I wonder if phone is hijack and imposter access it? Since many apps or browsers can get user data.

What is google doing that another browser can not do ? Slowing a key do you mean yubikey or key as numbers or letters or each ?

Suppose I’ve set up passkeys with an iPhone, and I would like to change to Android (or simply lose my phone). How does this change affect my passkey experience?

@coolspot18

8 ай бұрын

I think this is going to be problematic unless people use a password manager with passkey support for cross platform support?

@LivingInCloud1

7 ай бұрын

Just register another key for the same account on the Android. Done. Use either device to log on.

@frituurvlieg

7 ай бұрын

@@LivingInCloud1 but the thing is, how do you register that? I mean, what if for example my phone is lost and now I have bought a replacement phone. How can i log in to add another key? You would still need to use a password in this case I assume?

@LivingInCloud1

7 ай бұрын

@@frituurvlieg In that case you need another way to auth. Always keep a spare FIDO key around as a fallback, that way you can get back in and also in a phishproof way.

@DroisKargva

7 ай бұрын

@@LivingInCloud1 seems like a headacke. just stick with 2FA with TTOP and that solves all the problems

how to nonactive the passkey?

Excelente sistema de protección

@julioconradomarinardila3269

2 ай бұрын

Excelente sistema de protección

My fear: Right now, with a password manager - if my master password is compromised, I can just change it - and the rest of my accounts are still fine. (Assuming I change it fast enough) With Passkeys, if my passkey is compromised - then there’s no way to “change” it without going to each website one by one… right? So if I’ve backed up my passkey to a USB drive and put it in a safe - but somehow it gets stolen - then I’m in trouble. Vs if I’ve stored my password manager’s master password on a piece of paper in a safe - and that gets stolen - I can still quickly go and change it before the thief even discovers what it is they stole. And also - what if Google themselves are attacked - with passwords, only the hash is stored on the server so if that hash is exposed, as long as it was salted, the rest of my websites are secure… but with passkeys, if that one key is exposed, all my other websites are exposed. Or do I have this whole thing wrong?

@lorkano

4 ай бұрын

Only public key is stored at google, and is useless when compromised. They could only sign in to google with it. To compromise passkey, you would have to have your private key compromised which is on your device

@-ok-

4 ай бұрын

@@lorkano I thought "passkeys synchronise across devices" using Google Password manager? If so, that would imply that Private Keys are also synced across devices = stored in the cloud?

how does 2fa cost me money?

@Carlito_El_Gooner

Ай бұрын

That was one of the many questions I had.

Wait, did she say "if you buy another device, Google has stored your passkey info on their servers, so your new device will work ...." ?? How is that ultimately secure?

@martijnvanderwal3976

14 сағат бұрын

It actually isn't 100% secure in that aspect. But this is the same for passwords. If you choose to use a service that stored your passwords/passkeys on a server, there is always a chance of it getting breached. But two things to keep in mind. You could choose to keep your passkey only on your device, or buy a security key to store the passkeys on. Another thing to keep in mind is that passkeys are still more secure in other aspect, like being phishing resistant.

it's an universal authenticator?

So if someone steals your phone you're screwed everywhere? Too much dependency on your phone.

@LivingInCloud1

7 ай бұрын

How would they unlock the stolen phone?

@chadsexinton

7 ай бұрын

@@LivingInCloud1 I mean you wouldn't be able to login anywhere.

@LivingInCloud1

7 ай бұрын

@@chadsexinton Create another key on a FIDO and also in Windows Hello. Done. 🍺🍺

@LivingInCloud1

7 ай бұрын

@@chadsexinton Also, you would have an iPhone keychain backup?

so a passkey is biometric identification? why do they call it passkey then?

@LivingInCloud1

7 ай бұрын

Its not. Its agnostic to how it is being secured itself. But biometrics are a common way to secure the Passkeys.

What is the fallback for users with no smartphone?

@brandoncortes9655

9 ай бұрын

usar la contraseña o pin almacenada para iniciar en tu dispositivo, además debes adaptarla al cambio en caso de que decidas cambiar la contraseña

@davidgarciag

8 ай бұрын

You can create passkeys within your browser, i imagine you have to be logged it for them to be saved

@LivingInCloud1

7 ай бұрын

Windows Hello, FIDO Keys...

But one can wonder why this solution wasnt implemented earlier if passwords are so bad. One way to get rid of passwords is for the site not asking the user to create an account. But then the companies cant as easily harvest your data and target you with ads.

@DroisKargva

7 ай бұрын

real

@ChibiKeruchan

5 ай бұрын

because earlier we do not have quantum computers. we are in a different ERA now. your password can be cracked easily if you don't make one that is 20 alphanumeric password with special characters.

Why would passwords stored on a server be compromised if a databreach happens. They should be hashed/encrypted anyways!

@martijnvanderwal3976

13 сағат бұрын

You are questioning that passwords breaches are useless because the passwords could be hashed? 😂 You can brute force them, you can run a huge list of known passwords and their hash. You can use dictionary attacks, you can use credential stuffing. There are so many ways of breaking into an account protected by a password. With passkeys these attacks don't really exists.

What if my fingerprint is stolen? There are ways to print someone's fingerprint.

Seems nice... But then Google will log and see every site I logged... What about privacy?

@martijnvanderwal3976

14 сағат бұрын

they could already do that when you use Google Password Manager with passwords. I'd put more trust in 1Password or another password manager

finger of unconscious user grant all access... There is already a lot of stories when users get drunk by scammers and lose all money when use fingerprint on banking apps. Never use biometric on banking

@DroisKargva

7 ай бұрын

this is good approach. what if robber comes and grabs your phone and forces you to give him your phone pin. then he can use passkey to access any resource from your phone.

@Bless3757

6 ай бұрын

​@@DroisKargvawhat is the same robber just demands for your bank password instead then? it's the same deal really almost ALL account hacking is done through phishing attacks and data breaches, which passkeys are MUCH more resistant to

All this talk and windows 11 pc with Edge browser still doesnt support passkeys. Lame

what if one does not have a smartphone?

this is basically shifting the password keeping responsibility to the user, instead of company. you lose your device, too bad. Good for corps

@martijnvanderwal3976

14 сағат бұрын

It's actually not much different. If you forget your password you also need a recovery via email or something else. It's the same with passkeys. Also, passkeys are usually backed up in some cloud, like with iCloud Keychain, Google Password Manager, or 1Password. Also, why would it be "Good for corps" when you loose your passkey? they just want you to sign in quickly to use their website/app.

What appen if I lost my android phone?

Therefore Passkeys can be hack if the server has been compromised! 😅😅😅😅😅😅 On Android, passkeys can be stored in the Google Password Manager, which synchronizes passkeys between the user's Android devices that are signed into the same Google account. Passkeys are securely encrypted on-device before being synced, and requires decrypting them on new devices. Apple designed iCloud Keychain and keychain recovery so that a user's passkeys and passwords will still be protected under the following conditions: A user's Apple ID account used with iCloud has been compromised.

So what if you lose your device? 🤔

This video brings more questions than answers. Is the passkey the same as fingerprint? It's implied that it is. If not, why not? How is it not? Is it a device token? Is it a "public key" vs "private key" scenario? HOW DOES IT ACTUALLY WORK. If someone steals my fingerprint, will they now control all my passwords?

@martijnvanderwal3976

13 сағат бұрын

passkey is not the same as a fingerprint or any other biometric. why not: passkeys are stored on your device, and you can only access them once you unlocked your device. It is not a device token, it doesn't even indicate what device it was used from. It is a public/private keypair, yes. If someone steals your fingerprint, then yeah they could sign in using your passkeys. This argument comes up a lot, but how common do you think that is? Believe me, you would have so many more problems if someone is specifically recreating your fingerprint 😜

What if you use finger. And then injure it .. rendering it useless for recognition

@LivingInCloud1

7 ай бұрын

Register multiple fingers. If Hello, use also PIN and face recognition.

is there a better, simpler, direct explanation for how this works?

Didn't understand a word of it

the audio in this video is poor, I could hardly hear what the narrator was actually saying

Seems to be more one thing to make impossible to live without the gapps in your phone.

@Ghfvhvfg

10 ай бұрын

I use KZread that’s basically all…

Not entirely clear

รหัสผ่านผิดบ่อย ทำไงดี ลองเปลี่ยนเป็นพาสคีย์ ดู

People dont see this, but this solution drifts from an open internet environment to a closed one. Instead of being dependant on ourselves when logging into pages, we will now have to be dependent on the os, as well as actually giving out our passkeys to Google so they can log in freely to our resources. Big no!

@camoelmao

10 ай бұрын

Google said in a blog that your pass keys are send to end encrypted so Google can't access your login credentials

@pernilsson2394

9 ай бұрын

​@@camoelmaobut google knows what encryption is used. And they most likely have the resources to break the encryption.

@spencerblumenfield5377

8 ай бұрын

@@camoelmao i believe these would be stored locally on the device the only thing google would have access to is the public key

What if someone stoll the device?

@LivingInCloud1

7 ай бұрын

So? How would they get into it? You do secure your devices already today we hope?

Soooo.... how can I share my netflix or similar with my whole family?

@martijnvanderwal3976

13 сағат бұрын

multiple ways, you can share access to the same passkey with a password manager like 1Password or iCloud Keychain. But most websites that implement passkeys will allow multiple passkeys, so you could add them for each family member or friend.

But users appreciate password sharing.

@mickeymond

11 ай бұрын

If you say password sharing, do you mean having access to another person's password so that you can log into their online accounts?

@uchennaofoma4624

11 ай бұрын

I think so

@mickeymond

11 ай бұрын

Woow. From a security standpoint, that is quite inappropriate. If letting other users access your online account(some controls) is the goal then a delegate access will be the best way to go where they will also have separate credentials to log in. However, if existing password managers allow for password sharing, then allowing for passkeys sharing with others should be possible now or in the future based on user requests.

@nagarajansubramani

11 ай бұрын

@@mickeymond Yes like with Netflix and other paid services where sharing is caring, and brings down the cost by division, that corporates absolutely hate and go through hoops to have you stop.

@mickeymond

11 ай бұрын

@@nagarajansubramani 🤣🤣🤣 Then let's pray hard that Netflix and the likes do not migrate to Passkeys soon. And even worse, make it a mandatory login technique. Profiles in Netflix could be sub accounts that also log in to Netflix but enjoy their parent account's subscription but I guess it isn't a win for Netflix so they won't do that. Passkeys can actually be a frustration for Netflix account sharers a whole lot.

Passkeys are also a pain right now. Nobody understands how it works. Some magic QR code and no overview to manage them. Plus loads of bugs in usability.

Fingerprints, face scans and PINs are all a type of password. The assertion that this is will lead to a "passwordless future" is absurd and deceitful. Also, from Google themselves, "anyone who can unlock the device can sign back into your Google Account with the passkey." That would include every other account you use passkeys for. This does *not* sound secure at all. We aren't even told if buying a new device will cause us to be completely locked out of our accounts if we don't have access to our old device. And if it were possible to log into our accounts using a new device without the need of the old device, that basically defeats the whole purpose of passkeys.

@LivingInCloud1

7 ай бұрын

As long as you have ANY way to get in, you are fine. I have registered Passkeys on my FIDO key, in Windows Hello and on the iPhone for the same account so pretty much whatever happens I will get back in unless there is a fire and all devices are lost. Place a key on a cheap USB FIDO and store it at your parents house. :)

@LivingInCloud1

7 ай бұрын

Also, you can not view Passkeys as a kind of passwords. They are based on the FIDO spec and are not phishable. They are FAR from passwords in a technichal sense.

@YourComputer

7 ай бұрын

​@@LivingInCloud1 Clearly, no one is complaining about the scenario where you still have access to an already whitelisted device. What happens when you run out of ways to authenticate yourself? How do you prove that you are who you say you are? (Yes, let's assume worst-case scenario.) The only thing I can think of is an account recovery system that necessarily hangs on one-factor authentication. But to take one step backwards defeats the whole point of 2FA. You wouldn't be able to rely on the device having the same phone number, for that is insecure and naive. The whole notion of passkeys and 2FA appears to be self-refuting. On the one hand it asserts that passwords are the problem, while on the other hand it makes heavier use of passwords to solve the password problem. Sure, passkeys are a step above passwords in the sense that they are cryptographically strong and use a public-private key combo, but, lo and behold, a password in the form of either biometrics, face scan or PIN are still part of the picture. As far as I can tell, 2FA is not about protecting the user from other users. As it stands, it benefits companies more than it does users. It is no surprise why no one claims it is a perfect solution, and simply resort to it being a "better solution." Not even FIDO attempts to offer up a solution for cases where the user has lost all possible forms of authentication. Instead, FIDO places that burden on companies to come up with a solution for that. But I have yet to hear of anyone proposing a solution. Granted, it is not straight-forward to solve, but forcing people to have 2FA before a solution is implemented is absurd.

@LivingInCloud1

7 ай бұрын

@@YourComputer In a company setting, its a no-brainer to use Passkeys as there will be an admin available to let the user back in. Private accounts may turn into a problem, so again make sure you have multiple ways to authenticate. Like an extra FIDO at your parents house. ;) The added security is easily worth the small cost of a FIDO. PINs are involved for sure, but only on the device itself. That PIN is not possible to abuse/guess over the Internet, like a password is, for an attacker. There is a reason Passkeys are invented and the fact that you have to go to extremes to find a "weakness" is telling. What if you forget your password, lose access to the recovery e-mail address and your phone breaks down, all at the same time? What do you do now? :)

@YourComputer

7 ай бұрын

@@LivingInCloud1 Yeah, in a company setting, replacing passkeys is not difficult. But the issue with passkeys would still apply, in that losing the key and the key falling into the wrong hands, anyone with that key can enter. It would be no different than someone gaining access to your phone which has all the passkeys stored on it, therefore gaining access to all accounts that make use of passkeys. Like Google said, "anyone who can unlock the device can sign back into your Google Account with the passkey." The fact that something like SIM swapping exists is what makes worst-case scenarios difficult to impossible to account for. In the worst-case scenario where you lose all possible ways to authenticate yourself, how do you prove that you are who you say you are? You can't rely on the phone number, you can't rely on your home address, you can't rely on your full name, you can't rely on even social security number, etc, etc. If you can verify yourself by means other than 2FA, then 2FA is rendered useless. So long as I can pretend to be you, it wouldn't matter how many passkeys or secondary devices you have. For as long as this issue exists, 2FA will offer nothing but a false sense of security.

Great info, but music? Really??

basically if someone can login to your laptop/cellphone, they have access to everything

@xE92vD

9 ай бұрын

If you do allow them to. Passkeys require you to have a biometric way of logging in, so a password can't be used to use a passkey.

@Comments_From_All_Channels

7 ай бұрын

Fingerprints get hacked unless you use mark of the beast

@ChibiKeruchan

5 ай бұрын

@@xE92vD finger print are easy to get when you are drunk or asleep. password don't. unless elon musk find a way to find your password using his neurolink 😂😂😂😂😂😂

@Carlito_El_Gooner

Ай бұрын

@@Comments_From_All_Channels Was locked out of my own phone once cos the phone didn't recognize my own fingerprint. Had to do a factory reset to get back in.

that's good,I'm want forget password

Being using some apps with fingerprint auth. It's great!

🎉🎉🎉

Sounds like a data breach would mean a bad actor could spoof a login using your private key anyway.

@martijnvanderwal3976

14 сағат бұрын

Depends where you store your passkey, the private key can be kept on your device or security key if you want. But by default they will most likely be stored in a password manager in the cloud, like 1Password or iCloud Keychain, which have both never had a breach...

This video is very hard to follow: the off-voice intonation is very wavy, and the voice does not detach much from the background music... For a non-native English audience, it requires a lot of attention to understand what she says.

Passkeys are awesome thanks to their convenience

1:15 it was good until you said fingerprint

@Carlito_El_Gooner

Ай бұрын

Bro, don't mention fingerprints again. Once my phone did not recognize my fingerprint no matter how much i tried. I was locked out of my phone and had to do a factory reset to get back in. Lost everything.

Ohhh, let's store the private key on an implant! 😅

Hi

hmm

0:44

@Priyanto-gp8lq

11 ай бұрын

❤

Mention in the title "non mathematically" too

KZread

Like so many you are unable or unwilling to put yourself as aa newbie or non tech, you lost me less than 2 mins in, no help at all

Backing up passkeys with google. That sounds like a bad idea

@Carlito_El_Gooner

Ай бұрын

Why? Google will always watch your back.

@martijnvanderwal3976

14 сағат бұрын

@@Carlito_El_Gooner They actually had a breach a while back... I'd use 1Password...

If you give your private key to Google, you give them access to everything you want to protect. In public key encryption, you never give anyone your private key. That's what makes it secure. Ya gotta wonder what's going on with Google? Or is this explanation more marketing than tech.

@martijnvanderwal3976

14 сағат бұрын

"you never give anyone your private key": A password is basically your private key, which a website stores on their server... It's weird how people suddenly don't want google to store their paskey, but do happily store their passwords. I don't blame anyone for not choosing Google, you can use 1Password or some other password manager. You can even store passkeys on an security key if you want.

So basically everyone has a crypto wallet now

Great information

Does not work! Whenever I used saved password on PC it does not prompt for passkey. I had to set up Windows hello.. when logging on from mobile device there isn't any passkey prompt either. BTW passkeys have been setup in my Google account. Google is broken unless someone can fix the above 2 problems for me.

س ‏‪0:53‬‏

Yeah now you want me to use it just to log into youtube while i'm pc this aren't going to work when it made for smartphones which i don't own as i go with dumb phones.

Yet again that hated background music overlapping the voice.

I hate this video I need to know how to get it out that’s all I’m not locked out of phone I can’t sign in to google

You need just password from Google account to access any account you want :)

Great short writeup! 🍺🍺