TLDR.Chat

Understanding Passkeys: A New Era of Online Security

Neatnik Notes · Passkeys are not passwords

Passkeys are a new technology for website authentication that uses public-key cryptography, offering enhanced security against phishing. Unlike traditional passwords or SSH keys, passkeys cannot be easily exported or copied, and this restriction is essential to their security. While some users want more flexibility from passkeys, such as portability across devices, it is important to adjust expectations and embrace their unique design. Users are encouraged to set up passkeys on their regular devices and services without overthinking the process, which ultimately leads to safer online accounts.

What are passkeys and how do they differ from passwords?

Passkeys are a form of authentication that uses public-key cryptography, making them more secure than traditional passwords. Unlike passwords, passkeys cannot be easily exported or shared, which helps protect against phishing attacks.

Why can't passkeys be exported like passwords or SSH keys?

Passkeys are designed to be unphishable, meaning they cannot be shared or accessed by others. This inability to export them is a security feature that prevents potential vulnerabilities associated with phishing and data breaches.

How should users manage their passkeys?

Users should set up passkeys on their frequently used devices and services without worrying too much about portability. If they change devices, they can use an email sign-in fallback and create a new passkey afterward, ensuring their accounts remain secure.
