PASSKEYS
A passkey is a password that you are not allowed to know. Your phone knows it, but you do not.
Do not use passkeys. Here is why:
- The passkey ecosystem is complicated. I have read articles and listened to podcasts from techies, people that normally understand these things, and they all have questions about how passkeys work. Using a system that you do not fully understand is like diving into a pool where you don't know how deep the water is.
- Not every computer system will be upgraded to support passkeys
- If something goes wrong with passkeys, you will still need a password as a fallback mechanism
- Unlocking an account using passkeys on a phone, increases the reliance on our phones for security. Phones inevitably get lost, stolen or broken, so passkeys makes the loss of a phone that much worse.
- Passkeys are built on the assumption everyone has a smartphone. People who don't, who get Internet access at a Library, are screwed by the passkey system.
- Why are passkeys being pushed by Google, Apple and Microsoft? Really, why? Some have said the real reason is to lock you into their ecosystems. This makes all the sense in the world to me. Even in a year or two (I am writing this in May 2023), when passkeys are more widely available, I doubt that an Apple user will be able to use their passkey on an Android device or Windows PC. Time will tell.
This May 2023 article in Ars Technica Google passkeys are a no-brainer. You’ve turned them on, right? by Dan Goodin is supposed to argue that passkeys are great. Yet, as I read it, I ended up with a many questions. Rather than being a good thing, this article, in my opinion, shows passkeys as a bad thing. Read it for yourself.
FYI: The Security Now podcast of May 9, 2023 raised an interesting issue. Someone who does not own a computer or smartphone and uses the Library for their Internet access, can not use passkeys.