nek,

@Jerry I wonder if passkeys are the answer to MFA/OTP's social-engineering vulnerability.

Jerry,

@nek I'm in no way an expert, but my issue with Passkeys is the unreliability in the implementation and that they're saved in silo vaults.

Twice now, I tried using a Passkey on my Pixel, only to get the message that "something went wrong." This is scary. It's a good thing I don't depend only on passkeys then. A fallback is necessary.

I think keeping passkeys in Google or Apple, etc., is a mistake, as they don't share them. I use 1Password for cross-platform availability, but now must have it installed wherever I want to use it.

Hence, I'm forced to fall back to TOTP and physical keys (Yubico).

Physical keys can get lost or forgotten, so they are not ideal. TOTP is said not to be as secure as passkeys and physical keys but is needed for a reliable fallback.

TOTP, then, is the weakest link in my security chain; hence passkeys, for me, are not the answer, since, given my setup, regardless of my using them, I'm no more secure than I am just using TOTP.

What do you think?

nek,

@Jerry Good points. I was using 1Password but migrated to Bitwarden because of lower cost and slightly larger client selection. It recognizes sites that offer passkeys. And I have gotten similar failure messages - almost always with Google sites. I pretty much use just a single laptop so I haven't seen much value in physical keys for my limited needs. I appreciate your sharing practical experiences, and am glad to know my host provider gives due thought to such considerations. Thanks, Jerry!

Jerry,

@nek Seems Google didn't do enough testing, if I'm not the only one getting errors. I hope nobody decides to trust their authentication to only Google passkeys then...
