• @[email protected]
      15 hours ago

      It’s not. There is almost zero security improvement between a passkey vs a randomly generated password + 2FA.

      The only concern is if you’re dumb enough to give away your password, or not activate 2FA on critical accounts.

      • Having seen the number of people still keeping their passwords on sticky notes/on random scraps of paper/in the notepad.app on their phone/pc when there’s literally a built-in biometrically secure app on the same device – yeah, passkeys are safer for the *average person* for this alone. It forces you to use what you could already be using to store passwords in the first place. It also cuts down on tech-supporting the users that bork their profiles/lose their passwords/devices, as we can verify manually and send an updated passkey out. From there, they can just save it however they wish.

        Not only do I have to support these kinds of users, I also have to log into no less than 3 machines with several realms of security at any given moment. Passkeys have turned the 10-minute first-login-of-the-day ritual into a 1-minute speedrun of me clicking “Use this Passkey” or scanning the QR code/tapping the notification on my phone.

        Bonus: My passwords don’t expire now because they didn’t get used in the first place.