@Grunfeld3 months ago
Cheers. I'm at the point where I can follow along as I hear it; not quite at the point where I could explain it to someone else. But getting there.
@zorka40983 months ago
This is probably your most confusing explanation I've read. Usually, you are much clearer. More concrete examples might have helped, if possible.
@Wol7473 months ago
I agree - I have no idea what he meant! Unusual for Leo.
@Chatsworth197910 days ago
Glad I wasn't the only one who was a little fuzzy on this. 😉
@msun120003 months ago
Passkeys are indeed secure but if the owner loses the phone or laptop device and a hacker gains access, then all those passkeys (or rather login credentials) would effectively be compromised; correct?
@askleonotenboom3 months ago
Only if the person who has the phone can consistently unlock (PIN or biometrics) it each time a passkey would be used. AND you can remotely disable the passkeys from the account(s) where they're being used.
@MaxPower-113 months ago
I respectfully disagree. Two factor authentication means using two factors out of the following three: Something you have, something you know, something you are… and passkeys satisfy at least two of these. The device the passkey is installed in is the something you have. Unlocking the device with a biometric satisfies the something you are or unlocking with a PIN is the something you know. This said, I am not a fan of passkeys that are shared between devices. For the utmost security, I feel safer installing a device-bound passkey on each device you want to use as a login device. Remember that you do not need to install a passkey on all devices you want to log in from. You can log in on a device without a passkey installed by scanning a QR code it presents to a device that does have the passkey on it.
@himankan3 months ago
Most websites and apps with 2FA capability need 2FA code only the first time you're logging in. Then you can either stay logged in or it will ask for your password or pin the next time you log in, just like with passkeys.
@herewearewayoutwest3 months ago
Your password can be obtained by phishing, etc. from halfway around the globe. If you are no longer using a password to log in, it can't be seized, while at the same time your passkey is never vulnerable to those attacks, which are far, far more common than losing your phone/laptop. Even if they have your passkey, they can't access your account unless they have your devices.
@pavelsergeev52823 months ago
Thank you for the video. But I would disagree with the fact that passkeys are more secure than strong passwords in all situations. Mobile phones, mobile tablets and - to a lesser degree - laptops which you often take with you are a big question in this case. We know that the "Security is Only As Good As Your Weakest Link". If one of the above-mentioned devices is lost or stolen then it is only required to guess your PIN to get the access to ALL your personal and financial data. Yes, you can change your private keys for all the services, but it takes time. And sometimes a lot of time depending on where you lost your device or when you realized that. Yes, IF your phone or laptop is powered off, and IF they have the entire data partition encrypted, then it will save your data (provided that your password is strong). Yes, IF you use face ID or Fingerprint unlock option, then it may protect your data to a certain degree (provided that you do not have your phone rooted). Such "protection" is not very strong as we know, it may give you more time to change your passkeys, but not much usually. And you still have your headache coming from the urgent passkeys cancellation or recall. Yes, IF you use a strong passphrase (I do not know if it is possible with online services though), then your data is protected, but what is the point in passkeys in this case? I would prefer to stick to using strong passwords at least on this type of devices. I also would use Keepass2Android/Keepass2 or my PGP keyring (but for encrypting the list with the passwords locally only) + a good open source 2FA app like aegis (Android) or WinAuth (Windows) which can also be protected with a password. In addition you can make your browsers delete the session cookies so that session stealing is not possible. You can do it with passkeys too, but will you have to make it all over again (the process of setting your login with a passkey)? You can use passkeys on your home PC.
But would it be convenient to you to have different modes of authorization to one particular service? And would this service allow this? These are the questions.
@biclar3 months ago
Unfortunately saying it slower doesn’t help
@KarlUppianoKarlU3 months ago
My corporate accounts require 2FA every time I log in. Every. Time.
@marcusaureliusf3 months ago
It seems to me that passkeys are just a replacement for that cookie mentioned at 1:34
@askleonotenboom3 months ago
Passkeys are unrelated to cookies.
@marcusaureliusf3 months ago
@askleonotenboom I'm talking about the role they play in the workflow i.e. they are something stored on your computer that allows you to stay logged in, but you don't need to know their contents. If you don't have one (cookie or passkey), you go back to other login methods, like your password or e-mail confirmation. That's why I said they're similar.
@J.A.113 months ago
May I disagree, that Passkey is not Two-Factor? IMHO it is Two-Factor: 1. Something you know or you are: pin-code or biometrics to unlock device. 2. something that you have: the device, which is Passkey capable.
@trail.blazer3 months ago
It depends on the pin-code and the biometrics. I've heard of some phones being unlocked with photos. Also, it depends if the phone can be infiltrated in some way. I use YubiKey. I have to plug it in or use NFC and touch the YubiKey before it will provide the code to get a password or OTP from the phone. It is a physical device that is not attached to my phone and my phone cannot provide anything without that device even if the phone is hacked. That is two factor.
@Andre-zd8ke3 months ago
@trail.blazer "I've heard of some phones being unlocked with photos" - Luckily that's only a fallacy. For example, iPhones use TrueDepth technology to build a quite detailed 3-D image of your face. No photo, no matter how detailed, would satisfy the requirements needed for unlocking your phone. Likewise, fingerprint technology is very secure. And of course, for your phone/ipad, choose a pin code of at least 6 digits/characters, don't use your pin code in public places, and set your phone to brick itself after 10 or so failed attempts at guessing the pin code.
@trail.blazer3 months ago
@Andre-zd8ke Admittedly it was Android rather than iOS, but there was a test done where I think it was 19 out of 48 Android phones unlocked with a photo. I think it varied according to what face recognition mechanism was used. I have seen claims of sporadically unlocking iPhones with photos but I don't know if that is true. That includes wiggling the phone to give the appearance of some 'depth'.
@Andre-zd8ke3 months ago
@trail.blazer "I have seen claims of sporadically unlocking iPhones ..." - The TrueDepth system uses thousands of reference points to create an accurate 3-D picture of your face, so no, wiggling a photo wouldn't work at all. Anything you read or see on KZbin that claims the wiggling photo trick will work will just be click-bait.
@MaxPower-113 months ago
@trail.blazer I believe that in order to use Android’s built-in (not sure about third party apps) Passkeys processor, Google has to certify the biometric sensor to meet a certain maximum “Spoof Acceptance Rate” such that the Passkey authorization should not be able to be spoofed by a simple 2D photo.
@cjrobo26 days ago
Can I set up alternative methods to sign in to the same website or app? For instance a yubikey and an app based authentication. So if one fails, the other can still work. Having multiple methods to get in, not including the less secure SMS or email.
@bobcrane994524 days ago
Argh!! I am 78 years old and have been around since the beginning of computers. I learned about computers on a PDP-8. I have been waiting patiently for software engineers to be bright enough to have one device like a yubikey that holds a unique code like a passkey that identifies “me” on any computer and on any website that I have an account on. I am beginning to feel that I may not live to see it.
@azrobbins013 months ago
Very informative!
@shawntesting67593 months ago
something you know, something you have and something you are (biometrics)
@askleonotenboom3 months ago
Which is not passkeys.
@maisydog3 months ago
Silly but specific question if that's ok! Not expecting an answer but advice is appreciated. Work has started forcing passkey on work accounts after previously enforcing two factor. I have set this up on my phone optionally (as it's inevitable it will become mandatory) but I'm not getting the QR code prompt on some other devices I'm trying to sign into that require passkey e.g. accessing edge work profile on communal work desktop. Some PCs work fine, others require a security usb which I have never had. Any advice for getting edge to prompt the QR code? (Setting up passkey on the shared work pc is not possible due to enforced no pin or biometric)
@joew3893 months ago
Clear as mud. I think our society has gone crazy with technology gobbledygook.
@Anonymous-mf8ii3 months ago
Can you explain why a software (BIOS) update creates what some sites see as a new device?
@askleonotenboom3 months ago
Some sites? I've never heard of a site identifying as a new device.
@Anonymous-mf8ii3 months ago
@askleonotenboom in my case Apple. I don’t know of others, but I’ve got a small internet footprint. Every time I update the bios (not every system restart and not after a Windows update) I am forced to re-authenticate to iCloud. This was particularly annoying before they supported the Yubikey in iCloud for windows. If I look at my iCloud account, a new device is added to the account device list after the BIOS upgrade, so there are multiple instances of the same machine. I’ve seen this with my windows 10 Thinkpad and windows 11 Dell XPS. Adding the yubikey to the mix made this more apparent and annoying. For each BIOS update I would have to remove the yubikeys from the iCloud account, authenticate the already authorized laptop to iCloud, and re-add the yubikeys to my iCloud account.
@MundaneGray3 months ago
This is the first time I have failed to understand one of your explanations. I just don’t get it.
@davinp3 months ago
Microsoft offers passwordless accounts which they say are after then with a password.
@MrFirsito3 months ago
actually microsoft option is safer than this, passwordless is really really solid... you have to give the actual phone with the authenticator to give permission
@askleonotenboom3 months ago
Correct. No password to enter, no password to be stolen.
@retired84843 months ago
No excuse for having a password on your Microsoft account.
@phantom11889927 days ago
2 factor is every time, not just the first time.
@askleonotenboom27 days ago
No. Absolutely not. If that's happening to you, then there's something wrong with the setup.
@callmeNeno3 months ago
Now I am really confused after watching this lol
@ralphtaylor53283 months ago
Many people walk around with their phones unlocked in their pocket. Then if the phone is stolen the passkeys will give automatic log in to the websites. In this scenario it is worse than user/password. If you are in the habit of leaving phone unlocked then user/password is the way to go
@ralphtaylor53283 months ago
@CryingCroc. The phone unlock code is then the only factor needed to get access
@askleonotenboom3 months ago
That and physical access, yes. Having both is rare. And Passkeys add significant security in more commonly vulnerable situations.
@davidrobertson4153 months ago
If I set up a passkey for an account with my phone and then want to log into that same account with another device, how does that work?
@askleonotenboom3 months ago
You set it up on the other device just like you set it up on the phone.
@MaxPower-113 months ago
You don’t have to set a passkey on the other device. When logging in, the other device will display a QR code that you can scan with the device that has the passkey to let you through on the other device.
@AskLeoShorts3 months ago
@MaxPower-11 Maybe. That's up to the specific service you're signing into.
@MaxPower-113 months ago
@AskLeoShorts The specification (CTAP, aka X.1278) that enables a roaming authenticator with Passkeys was officially standardized back in 2018 so it’s been around for a while.
@AskLeoShorts3 months ago
@MaxPower-11 That may be, but passkey adoption has been slow, and I suspect not all providers have implemented this.
@eriksiers3 months ago
I'll be frank. Every description of passkeys that I've heard makes them sound LESS secure than MFA. I'm working in the industry (vaguely) and I just don't trust them.
@davinp3 months ago
Currently only a few web services offer passkey as it is slowly rolling out
@franciscohorna55423 months ago
1 questions can passkeys be hacked or is it impossible
@msun120003 months ago
Passkeys aren't sent over the internet so they can only be guessed and even then, it is only of value on the owner's device(s).
@franciscohorna55423 months ago
@msun12000 yea thanks for info
@askleonotenboom3 months ago
I'd never say "impossible" for anything - there are no absolutes in technology. But it's EXTREMELY EXTREMELY unlikely.