Passkeys Vs Passwords & MFA - Weighing the Pros and Cons!

Рет қаралды 51,251

Күн бұрын

Get $5 a Yubikey 5 NFC: www.yubi.co/sh...
Get a Yubikey and protect your accounts! amzn.to/3S8BSLL *
This episode is sponsored by Yubico!
Watch my Passkey episodes here! - • All About Passkeys
LINKS:
Who is using passkeys? www.passkeys.c... and passkeys.direc...
Passkeys FAQ: www.yubico.com...
www.yubico.com...
Hardware Bound Passkey FAQ: www.techrepubl...
FIDO2 and Passkeys: www.techrepubl...
1Password now supports passkeys: www.techrepubl...
FIDO White Paper: media.fidoalli...
fidoalliance.o...
How Long Does It Take To Brute Force A Password in 2023? www.hivesystem...
Passkeys with Google: www.theverge.c...
Passkey.org: passkey.org/#T...
FTC: Links marked with * are affiliate links, which means I make a small commission off any sales.
Becoming a Morse Code Member by checking out the perks linked here!:
/ @shannonmorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
SUBSCRIBE! 🌸 www.youtube.com...
TWITTER 🌸 / snubs
Patreon 🌸 / shannonmorse
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
SUPPORT MY WORK
Patreon 💛 / shannonmorse
Buy Me a Coffee 💛 www.buymeacoff...
Shop 💛 snubsie.com/shop
TeeSpring 💛 teespring.com/...
Coupon Codes 💛 snubsie.com/su...
Tech I Use & Recommend 💛 kit.co/Shannon...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
FOLLOW THE SOCIALS THINGS
Twitter 🌸 / snubs
Instagram 🌸 / snubs
KZbin 🌸 www.youtube.com...
Website 🌸 www.shannonrmor...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
TECH I USE AND RECOMMEND
My Kits, Builds, and Must Haves ✨ kit.co/Shannon...
My Amazon Influencer Page ✨ www.amazon.com...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
MY OTHER SHOWS
ThreatWire 🌙 www.youtube.com...
Sailor Snubs 🌙 www.youtube.co...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
GET IN TOUCH
Mail ✈
snubsie.com/co...
Email for Business and Sponsorship Inquiries ✈ Shannon@ShannonRMorse.com
My Media Kit ✈ snubsie.com/wo...
Sponsor This Channel ✈ snubsie.com/sh...
Music from 🎵 Epidemic Sound: www.epidemicso...
💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜💜
😍 FTC DISCLAIMER 😍
Affiliate links listed above allow me to receive a small commission. Any sponsorships for videos are noted in video and listed in descriptions. Any products provided as gifts are listed above. Thank you for your support!
Comment section code of conduct policy:
Constructive feedback is appreciated, but please leave unproductive, divisive and harmful conversation at the door. Hateful comments are not tolerated, and these kinds of messages will be automatically removed. Thank you for making this community a welcoming experience for all viewers :)
snubsie.com/co...

Пікірлер: 189

@jmr Жыл бұрын

Here's why I think passkey could potentially be better. A smooth passkey experience could mean easier login. Then logging out at the end of each session instead of "remember me" would mean no valid auth token that can be stolen between sessions. Stolen auth tokens is the primary weakness of hardware MFA.

@zileanicathun 8 ай бұрын

a chip in the arm

@jmr 8 ай бұрын

@@zileanicathun I'm not referring to the hardware key getting stolen. Auth tokens are digital and they are stolen from your device(PC phone tablet).

@kylerx7 Жыл бұрын

definitely want to see passkey becoming more accepted by more companies/applications, but using a password manager to make strong passwords if a good alternative till then for stuff that doesn't support passkeys. I still find some sites even limit passwords to less than 10-15 max characters like wow that is crazy.

@AngryIrishman0007 Жыл бұрын

How secure is Protons new Password management?

@VeronicaExplains Жыл бұрын

Sending this video to my customers the next time one of them asks me about passkeys. What a great comparison, thanks for making it!

@ShannonMorse Жыл бұрын

Glad it was helpful!

@andynl6443 Жыл бұрын

Local KeePass & 2FA via TOTP integrated to Firefox & delete cookies after closing tabs works like a charm.

@arkvsi8142 Жыл бұрын

No, bitwarden is better and more private

@MaxMustermann-vy7ur 11 ай бұрын

@@arkvsi8142local is always better than a cloud based password Manager like bitwarden. Still bitwarden is secure

@panagiotiskaraberis1151 16 күн бұрын

@@arkvsi8142 As Andy mentioned, LOCAL is the key here, if you DONT trust ONLINE pass.managers ! I'm using local KeePass for over a decade (!!) ad I found in REALLY secure , if you know what you are doing ! And EVEN in 1password, or Bitwarden, or other ONLINE pass managers get hacked, your MASTER KEYS will never leave your local device (usb storage, laptop/desktop etc) HIGHLY recommended !

@rpm3605 Жыл бұрын

I appreciate the presentation, Shannon. I do think that Passkeys become more ubiquitous, I will stick with a password manager, complex long passwords, 2FA wherever possible, and different passwords for every site.

@realityos Жыл бұрын

Great video! Something to consider: I recently had a crash during holidays and had iCloud secured with hardware keys. I had the hardware key, but macOS (admittedly beta) crashed every time in recovery mode when checking the hardware key, so eventually lost all the data on FileVault. So be better than me and consider all points of failure and don't use half-popular authentication methods.

@Private-GtngxNMBKvYzXyPq Жыл бұрын

FileVault + Encrypted Time Machine + Encrypted Backblaze?

@VitalStatistics-t7t 6 ай бұрын

I'm currently in the 'both' camp, but very much looking forward to passkeys being everywhere. Great video!!

@macbitz 11 ай бұрын

Interesting video but what is not clear is how passkeys on a phone are protected? I assume once a criminal gains access to your phone (e.g. by guessing a 4 digit PIN) then they can use all the passkeys stored on it, because those keys are automatically presented to any challenge? Using a complex unique password stored in a password manager plus a 2FA key generated by an authenticator app seems to me to be more secure because then the criminal has to break in to not only my phone, but my password protected password manager app AND my password protected 2FA key generating app. There's a saying in IT that the more convenient a security system is, the less secure it is.

@robertm5957 Жыл бұрын

I may be a minority here but this gets overwhelming. Trying to understand what a passkey is, vs a password manager and how to implement it all for my entire family. I just started learning to use Bitwarden but this makes me think that’s outdated and I should get a pass key. A lot to sift through, but I appreciate your site!

@koneofsilence5896 Жыл бұрын

online security will remain a topic for all of us I would say as you use Bitwarden, and you probaly will slowly go through all of your accounts to give them long new passwords, get a yubikey or so as well to protect your Bitwarden account

@MoneyGist 8 ай бұрын

Bitwarden is definitely not yet outdated. Still going to take a while for passkey to go mainstream and till then, your best bet is a good password manager AND an authenticator app (Aegis, Google Authenticator, etc.)

@SeanSturgess Жыл бұрын

Thanks Shannon, great explanation of the pros/cons. I started using a passkey last month, very convenient to use, once I got the first set up done.

@PWingert1966 11 ай бұрын

I ran into a 2FA issue that is not easily resolved. I was upgrading my phone from an iPhone 11 Pro to a 13 Pro. as part of the installation Gmail was transferred over. Gmail uses 2FA. It wanted to send a 2FA code to my old iPhone 11 which had completed its transfer and been wiped. This left googles 2FA with nowhere to send the 2FA code. I wanted it to send it to my tablet. buit when I brought gmail up on the tablet it wanted to send the 2FA to my phone (The old phone because the new one had not validated yet) Needless this left me in a chicken and egg scenario. Luckily gmail was still opene on my laptop and I was able to disable the 2fa long enough to bring up Gmail on the phone and rehome it to the new phone. The rep in the store claimed he had never heard of this issue. I am surprised and was wondering if this is an issue anyone else has come across. with passkeys I hope this issue will go away.

@terrencebanks8862 Жыл бұрын

I would love to go all passkeys but unfortunately it is not possible at this time. I am probably the strongest advocate for getting rid of passwords.

@Private-GtngxNMBKvYzXyPq Жыл бұрын

Ranked choice 1. Passkey 2. Strong Password + MFA 3. Strongest Possible Password Take steps to control your devices so multiple factors are needed to add a device resulting in a passkey being added to a new device and be sure to pay attention to notifications about new devices.

@JohnnyKelly 20 күн бұрын

Password protected Passkey?

@Fham-y9d 28 күн бұрын

Recent subscriber, great content! Have you done a password vs passphrase (diceware) topic? I would like to see your thoughts & comments on that.

@JasonParkerMagic 7 ай бұрын

Google is already pushing me to use their passkey. Have you seen this?

@tajitian_sunrise 8 ай бұрын

question, since NFC has a lot of Vulnerabilities, if I'm not mistaken, Can you use a small iphone Lightning or Usb connector? Is that possible, with Yubikey?

@terrydunlap8441 6 ай бұрын

Yes, you can use USB-C or lightning rather than NFC.

@LivingInCloud1 11 ай бұрын

Password+MFA is not a comparable same-level thing as Passkeys. Passkeys are phish-resistant while PW + MFA is not. This is a big deal that makes Passkeys win the evaluation every day.

@chaosfenix Жыл бұрын

I want to be on team passkey but there is another big con of Passkeys you didn't mention that breaks them for me. Remote access. If you utilize remote access tools like Teamviewer, Anydesk, or Parsec then passkeys are not for you. Passkeys currently only allow authentication on the local host so unless whatever machine I am accessing remotely is close enough to go and log in with the passkey then I am sunk. Then again if I am close enough to walk over and authenticate with my passkey why would I be using a remote access tool in the first place?

@mmaxime Жыл бұрын

With integrated authenticators ones (with Windows Hello for example, you could type your computer's password instead of scanning your fingerprint to unlock the passkey) you will not have that issue. And with password managers (which are going to become passkeys managers in the future), that gap is going to be filled as well, as they will allow you to have your passkeys on all your devices. 1Password is already doing it very well on its beta version. But with hardware or external authenticators (e.g. using an Android phone to log in on a website on a Windows computer), yes you are currently screwed in that scenario, as they require proximity with the device (by being plugged in or with Bluetooth) as a security measure to avoid any possible remote attack or someone tricking the user into accepting a request.

@chaosfenix Жыл бұрын

@@mmaxime Yeah my use case is the one you reference in the last paragraph. I regularly log into a remote system and have it up on one of my monitors. Hardware tokens work great unless I want to sign into something on that remote system. When that happens it doesn't work hence why I said it was an issue that wasn't mentioned.

@MadBison 11 ай бұрын

Mstsc.exe (RDP Client) will allow the Yubikey to get full passthrough to the remote device. Pair with tailscale for VPN to the remote network. I have even gotten yubikey to work from client, through a local network VM, and subsequently into a VM that is cloud hosted with VPN to access it.

@hoopoe_ 11 ай бұрын

As I understand it, if you want to use passkeys, your phone's lock screen passcode needs to be strong, preferably alphanumeric.

@somebodyoncetoldme2664 2 ай бұрын

I think I'll just stick with my password manager. I changed all my passwords and emails to randomly generated stuff and I'm fine with 2 step authentication. I think chances are it'll be more secure since I worry I'll lose my phone and maybe then loose access to my accounts. Not all sites that support passkeys support setting up a password at the same time like playstation .

@paulojacob Жыл бұрын

Great video! 👍🏻

@krismueller Жыл бұрын

When I started playing with my YubiKey I got from your link I think ideally, I'd still use another authentication method. I'd love a world were more companies got on board with the Biometric one, I saw that the one without had more compatibility across sites, so I went without it. I'd love to have a YubiKey, with Biometric, and then still be asked for a PIN, Microsoft Hello, a notification push, or something (the push notification doesn't work when I'm in office.) I'm all on board for making passwords disappear.

@awesomearizona-dino Жыл бұрын

Good morning Shannon. Great info.

@skunkman62 Жыл бұрын

I was just thinking about getting a passkey this morning. Quantum Intanglement?

@JohnnyKelly 20 күн бұрын

How about using a Cardano Hardware Wallet like the Keystone 3 Pro to act as the Passkey? It has a PIN/Fingerprint requirement to access it AND requires you to use your PIN/Fingerprint again on the device to confirm presence when Signing in. So, essentially, a Passkey with MFA built-in.

@JohnnyKelly 20 күн бұрын

A 24 word seed phrase, stored offline, is backup if your Keystone device is ever lost/stolen/damaged, and can be loaded onto a new, or backup, device.

@ColoRadio6996 Жыл бұрын

GM Shannon, how about some background on the mess in Las Vegas? Cheers J

@adventureswithtime Жыл бұрын

What if I lose my passkey (eg Yubikey)? Also, can you use the same passkey for multiple websites/applications and in multiple devices?

@mmaxime Жыл бұрын

If you loose a hardware authenticator, you need to have a backup one or to have recovery codes that you saved when creating it. If you loose a software one, most platforms are going to sync them in the cloud, so you will be able to recover them on a new device. Also, can you use the same passkey for multiple websites/applications => No, a passkey is completely unique and bound to a relying party (=website) domain as a security measure, so if you happen to be tricked into going to a phishing website, no passkey will be shown to login there as the domain will be unknown. and in multiple devices => if you mean to use the passkey for the same website on multiple devices, yes, the passkeys will be synced by the platform. But if the website uses a resident key (bound to the device) on a YubiKey, then no, you would have to create a new one for the same account on each YubiKey.

@janokartal5690 Жыл бұрын

Nice video Shannon 👍

@ShannonMorse Жыл бұрын

Thanks for watching!

@AyanMullick Жыл бұрын

Thank you for the video. Is there a list of vendors that do and don't support open biometric auth? For example, I can use Windows Hello as a passkey for my Google account. However, I couldn't set up my Pixel6 Pro as a security key for my M365 account.

@ShannonMorse Жыл бұрын

I don't think there is a list anywhere

@markmanning2921 6 ай бұрын

2fa and what have you are a security flaw, a security hazzard. a FICTION of law. What makes a "password" secure or insecure is ***NOT*** its contents but its LENGTH. EXCLUSIVELY its length "$^&n.Ij%" is a MORON level password that is impossible to remember and TRIVIAL for a computer to hack. My two example pass PHRASES which I challenge the worlds fastest super computers to crack (honesty without fore knowledge) are comprised exclusively of lower case alpha characters. No digits, no punctuation and no special characters. "hey diddle diddle the cat stole the fiddle and the cow jumped over the spoon" and "in the beginning when god created the heaven and the earth he declared every day to be good except monday" Both of these are over 30 characters in length and if you are paying attention you already have both memorized.

@ShannonMorse 6 ай бұрын

Passwords (and passphrases) can be as long as a website allows, but if that site isn't securing that data correctly, or saving them in plain text (why is this still a problem in 2024), then we HAVE to take it a step further with 2fa / mfa / passkeys. We can't trust websites to hash passwords with strong encryption - we've seen so many examples of this. So yes - go for phrases, but don't stop there because a malicious actor isn't the only one you have to be sus about.

@Zelousfear Жыл бұрын

Awesome video Shannon, thank you, shared this everywhere!

@raytsh Ай бұрын

How about passkeys in password managers? I'm wondering if this makes them less secure than 2FA (with an OTP for instance). If someone gets access to my password manger, they can use the passkeys stored there without requiring any additional factor. This means having access to my password manager automatically gives them access for all passkey related accounts. If they get "only" my password for a given account by accessing my password manager, they still would need another factor that is not stored there, assuming that I have 2FA enabled for all accounts in question. That's also the reason I don't store 2FA tokens in my password manager. That all said, the question might be what is more likely: Some attacker getting access to my password manager or if I get phished using 2FA.

@Smartiebob317 5 ай бұрын

Lots of luck selling your latest device on solving our password problems. It costs more money and has many unfriendly features. I am locked out of over 1/2 of the apps on my devices because it is impossible to keep up and remember all the passwords.

@fuseteam 11 ай бұрын

Hmmm if your apple id or google account is secured with a passkey, you wouldn't be able to log in without your previous device 🤔 So i suppose at its best it'll cost money as you do have to have a spare passkey device to keep access

@Noam_Kinrot 3 ай бұрын

First - thanks for the video. My big concern with passkeys is that they seem to belong to only one or two companies, and there is no open-source project (e.g.,V-risc, etc..) which you can buy these devices from. I don't trust a commercial enterprise, offering a "privacy and security measure". The more attractive they seem, the greater odd that you're somehow the product. -Seem paranoid? -Just follow what most people "from the industry" have being saying for years..I think its benefits are great, but also, that commercial interests are driving it, due several factors: the costs of password breaches on the client side, as well as ensuing costs of insurance, and proliferation of 3rd party companies that produce MFA authenticators. So much so that NAS companies, provide customers with their own proprietary authenticators (e.g., Synology..). If in the future, external fingerprint readers are standardized so they all can function as Passkeys, I would trust it more, since there are a multitude of companies producing them, which serves as an obfuscating layer against a potential hacker.

@chickadddee 6 ай бұрын

I thought yubikeys must be used every time log in.... that's why they have the nano keys that you can leave plugged in, say if you're working from home all day. No, am I wrong?

@DelfinaKS 5 ай бұрын

Why should customers trust Apple or Google, which are primarily advertising companies with securing their login credentials? I can understand using a service from a company like Yubico which is primarily a security solution company but I don't get the idea of why we should use other cloud storage?

@Real-Name..Maqavoy 24 күн бұрын

With 2FA? *Hell! No*

@sumitghoshal1792 5 ай бұрын

How good is Microsoft Edge password Manager? Is it better than Google Password Manager? Every time Microsoft Edge asks to save the password in their browser.

@paulstubbs7678 Жыл бұрын

MFA is a right pain, often it is tied to your phone, this makes a big assumption, that the phone is always available and never fails. The other day I was at church, and I needed to read an email, no worries, I'll just log onto my provider via a church computer - except they wanted 2FA via my phone, that I didn't have because I was at church (if I did then I'd just use the phone in the first place). This has kind of made my ISP's webmail all but useless, I used to use it as a backup should my primary access fail. Password managers are almost great, I use one, However if I'm at a foreign computer trying to log it, manually transcribing a long and cryptic password into that computer is bordering on impossible at times. Now for passkeys, well I better watch some more Shannon vids.

@DennisBolanos 11 ай бұрын

Hey Shannon, can a flash drive be used as a passkey? I’m eyeballing the Kanguru KDBE30-128G biometric flash drive as a potenial passkey device. 💻🔑🛡

@kamertonaudiophileplayer847 11 ай бұрын

Are hackers select a computer to hack randomly, or have specific targets? I think hackers target KZbin presenters first. So, you seem a good target for hackers.

@seanboulden9898 11 ай бұрын

Talk about a memory trigger... dl'ing music from Napster or Limewire over a 56K connection was an all nite thing for 10 trax. Then cable modems came into play, game changer. That same 10 trax now took 10 minutes or less.

@lohphat 11 ай бұрын

When you’re trying to teach people new things, the background music is REALLY distracting and interferes with concentration when you’re trying to pay attention.

@RonDavidowicz 11 ай бұрын

So, if you use your phone to keep the passkeys, and you back up with Apple and you use a password for logging into your Apple ID…. Then all you passkeys are secured by a password! Am I missing something?

@rpm3605 Жыл бұрын

I’m hearing faint background music during your monologue. Makes it difficult (for me, anyway) to concentrate on what you’re saying.

@PWingert1966 11 ай бұрын

The question is what happens when you die and relatives want and have legitimate right ot access your laptop for family recipes, or important documents. You need to do a whole videoon preparingg your laptop and accounts for being inherited and legally transferred.

@Adventures_of_Marshmallow 2 ай бұрын

If services / browsers provided and shared a unique seed for every base url to hash usernames / passwords client side prior to submission and then hash again using a secondary algorithm server side to authenticate, passwords would never be a problem.

@rwg1811 Жыл бұрын

For privacy, I would have bought anything to start to your phone. So I guess that leaves having a pair of yubikeys.

@zenfishbike 10 ай бұрын

Totally confused about how a backup key can be kept current when it is located in a safe deposit box and I am using the main key to create passwords on new websites frequently. So if you need both keys onsite at all times in order to have them both current then you've lost the advantage of having a backup safely tucked away. What am I missing here?

@frankhalstead20 6 ай бұрын

This is about the third time I've looked at pass keys and you've a great job. Thanks. For myself, at this point, I feel passwords generated by password manager and stored by the same are the way to go. Passkeys are attractive but still to new and I can see them being a slow down as one site may use but another may not. I'll keep your product in mind.

@Meowski_2 5 ай бұрын

Couldn't you just write down your password in your notes in something only YOU would be able to understand? Like if you spoke Spanish and English and Piglatin make some gibberish that only you could comprehend? Keys can get lost and corrupted, data breach like Lastpass can happen frequently, if your phone gets snapped while you talking on it they are past the first line of defence anyway. Idk maybe im old-school bit it seems like new fangaled technology

@ShannonMorse 5 ай бұрын

Sure! Use whatever is best for your specific scenario. In my case, it's easier and more convenient to use password managers + 2fa keys., I have 400 + passwords and all of them are different, I don't even know what they are bc they're all randomly generated. I also live in a fire hazard part of the US, so I'm not gonna take the time to write them down in a notes app OR a physical binder where it could easily be destroyed or in notes where I could mistype something. Notes apps aren't as secure as 2fa plus an encrypted vault either, so I trust a pw manager more than a notes app.

@Meowski_2 5 ай бұрын

Thank you 😁 Yes, I've watched many hours of your videos! You're great! So my question is, I'm a world traveler and I need to protect my privacy, figure out a way to get back in if I'm locked out of my Google account, need to come to terms with someone stealing my backpack or phone, logging in on a unknown device to get back into my accounts AND my phone number from Verizon is now ported to Google voice. (Plus I can't get a yubi key in most countries as I'm in the far reaches of Asia) So.... Since your the most knowledgeable person here .... If you were me, what would you suggest? I do have a ton of data on my GOOGLE DRIVE, phone and laptop. I'm a designer so I need my gear, and if it gets stolen access my files and start fresh 😮 *whew! It's a lot! Any advice would be MASSIVELY helpful and I'll definitely recommend you to my fellow world nomads❤

@guitarstella1 8 ай бұрын

not convinced ill keep my long password and phone code time will tell with passkeys but i expect will all be forced into anyway.

@overwatchproject 6 ай бұрын

This is the best video on Passkeys, thank you!

@florakija 7 ай бұрын

How secure is using passkeys but not with a physical device but a password manager?

@djuhl002 Жыл бұрын

I use both, but it took me awhile to figure it out. Just like when I tried to buy my first crypto currency. Everyone said it was easy. But seemed like it took me 2 days to figure it out.

@terrydunlap8441 6 ай бұрын

Thanks for sharing the pros and cons. I just ordered 2 yubikeys and will try out passkeys. As head of our IT dept, it behooves me to be aware of all options to be able to enable end users to best protect themselves.

@id104335409 2 ай бұрын

You have no chance of "remembering" your passkey when you lose it.

@artemis5993 Жыл бұрын

Team Password Manager with uniqe complex passwords/passphrases

@Manic.miner2077 Ай бұрын

confuses the hell out of me, so i need a physical key for every password i want to replace?

@Knards Жыл бұрын

I use my phone to check the weather, but I do use Yubikeys on both my computers. Dont leave home without it. Where did you find those stickers you put on your keys?

@geekdownrange Жыл бұрын

Invalid traffic datapoint - I got ads on this video. Great video with the pluses and minuses of each solution. Thanks!

@drphobus Жыл бұрын

I lost my phone and was unable to buy a new one as 2 factor password on my credit cards wanted me to get info from ghe phone I lost.

@tbaymyhome 8 ай бұрын

Does Passkeys Manager are generation-always same as One-Time Password (OTP)?

@NWforager Жыл бұрын

i mean how can we stop our Banks from using text ones ?! its maddening . its like we need a list of banks that accept 2fa or keys

@rotary65 Жыл бұрын

Device based security (such as your phone or computer) adds another layer to software based authentication. Services are increasingly combining this in their authentication systems. The risk that quantum computing represents to authentication cryptography is also important to understand. Encrypted data is being stored now until quantum computing advances sufficiently to easily decrypt it.

@NotDrDre Жыл бұрын

Forget MFA security, I’m waiting for MMA security

@Its_a_me_Bondo Жыл бұрын

Oh look at that old iMac. One of the first computers you could get in a color you wanted.

@brianmcguigan4785 8 ай бұрын

Passkey A.S.AP,

@DreOnly Жыл бұрын

Shannon: you won't need your yubikey every time you want to login! Okta: lol

@synthwave7 11 ай бұрын

...and Microsoft is nearing the age of passwordless logins.

@wakaneut 11 ай бұрын

If I have a USB key as a passkey, can I duplicate that USB key?

@jeffhale1189 Жыл бұрын

Thanks for sharing. I appreciate your knowledge. I enjoy learning from your content. Blessings on your day!

@timbutts809 6 ай бұрын

At the moment I’m OK with both, but I’m probably gonna go to PaskeY consensus is it seems to be the coming thing at the moment I’m just trying to move the ball another 10 yards

@pudelz Жыл бұрын

1:27 me but it was irc since those clients had tons of fake names and .vbs 🤣

@Pfsensepluss 10 ай бұрын

can you get a set of keys that are all the same id ? like one for my android one for Pc

@mikepaschal2260 Жыл бұрын

I’m with you Shannon, hybrid until 💯 pass key is a reality

@jeoffosker1768 Жыл бұрын

Both for me. The Yubico's are bvery easy to use once you get the gist.

@leanderperera8467 3 ай бұрын

Excellent video. Thank you. I love the yubikeys, but the 25 key limit on passkeys is/will be a huge limitation. Maybe storing the passkeys in the pasword manager might be an option while using tthe Yubikey to get to the password manager.

@ShannonMorse 3 ай бұрын

Hello! As of their newest firmware, the capacity has increased! Check out yubikeys website for more info. I'll also be referring to this updated information in future sponsored videos, as this news broke just this month. 😊

@bassmaiasa1312 Жыл бұрын

Is it true to say a passkey is not vulnerable to keyloggers?

@TheMadisonHang 2 ай бұрын

this topic deserves a phamplet

@ShannonMorse 2 ай бұрын

It deserves a novel

@adnanabbasi9482 Жыл бұрын

In the early days, I came across users whose password was 'password' literally.🤫🤭😉 But, now I personally feel that I'm in the same 'password' category and failed to understand Passkeys.

@ShannonMorse Жыл бұрын

Keep an eye on my channel - I'm posting a passkey walkthrough video in a bit!

@sl4983 9 ай бұрын

Passkey is worthless if you're using Google

@TransformXRED 11 ай бұрын

No one talks about how it's easier for someone to be forced to use their finger or iris to unlock anything VS a password that is in your head (and a physical key like a yubikey). Extracting hidden info in someone's brain is more difficult that scanning someone's finger. Yes, alone at home in front of Amazon, it's all good. Then there is the real world. On top of that, we have to trust private entities to not store, share, duplicate biometric data. Something that is unique to everyone. Last thing. You can always have different passwords/security key combo. Combined with vpns or else. With biometrics, you can't hide from anything. And if it's stolen, you cant change it.

@ShannonMorse 11 ай бұрын

I've mentioned LEO and constitutional rights MANY times on my channel. Look around and you'll find that I did a whole segment about it in one of my security videos in the last month.

@TransformXRED 11 ай бұрын

@@ShannonMorse It was a general statement for the readers of the comments, not directed a you or this particular video - I know the position of hak5 and you on these subjects :) - I watched hundreds of your videos over the years. Don't forget that for some people, this video is the first one (and maybe the last one) they are going to watch. Comments are just another source of information (imo). I hope you don't took it the wrong way. It wasn't my goal.

@patrickstar3066 Жыл бұрын

Very informative thank you for the valuable information

@Growler-F18 Жыл бұрын

Team PASSKEY. BTW- WHAT IS THE LAST WORD ON YOUR SHIRT SAY? THE VIDEO CUT IT OFF.

@TheJustinBurton 11 ай бұрын

Please tell

@GersonHM4 11 ай бұрын

By the way, I love the rainbow

@jouldalk Жыл бұрын

... calming circle. That what you're looking for 😜

@ShannonMorse Жыл бұрын

Yessss Hocus pocus fan girl, that I am lol

@JunkheadAlice Жыл бұрын

Right now I'm stuck on passwords and 2fa. I've been considering a physical key for sometime and will look into the YubiKey.

@ShannonMorse Жыл бұрын

I'd recommend at least using one for your most important accounts, like your email address (which could be used to reset passwords etc)

@JunkheadAlice Жыл бұрын

@@ShannonMorse I had one that PayPal issued way back in the mid 2000s. It had a button and lcd. Pressing the button generated a code to use for logging into your account.

@ReQuiem_2099 Жыл бұрын

My passwords are PERFECT! I take the first password I ever used, and simply iterate by one digit at the end for every new account created since the 90's! Lol

@mmaxime Жыл бұрын

Modern password cracking algorithms can figure that out and adapt to it ;) It's going faster than we think these days

@ReQuiem_2099 Жыл бұрын

@@mmaxime I appreciate the helpful input, but that was the point. It was a joke 💙

@syrophenikan Жыл бұрын

I’m Team Venture!

@roymazz Жыл бұрын

Do you have a prediction of when you think most websites will have passkeys as a login option? I'm hoping 2-5 years, but I know it's hard to say.

@mmaxime Жыл бұрын

I hope that too, but it will be more like 10 years. For example, some websites still have a limit of twelve characters and prevents you from using characters that could make a SQL injection... And many don't have 2FA yet. So all the major sites will get it pretty quickly, but the rest of them will take more time to implement it. The only thing that could make it quicker to adopt if used is the fact that there are already open-source solutions that implement it right out of the box.

@roymazz Жыл бұрын

I can't believe how far behind many banks still are. Some still use just security questions! @@mmaxime 🤣

@rikachiu Жыл бұрын

I will still use all three ;p

@LazyJones Жыл бұрын

Comment for engagement

@driver3899 10 ай бұрын

6:54 passkeys

@garynagle3093 Жыл бұрын

Excellent information. I’m more old school with passwords. Uniqueness is something I definitely need to work on

@DjinnWraith Жыл бұрын

Maybe err, don't tell everyone on the internet that your passwords are weak. At least while no one knows that you have insecure passwords, you have some (minimal protection) from the herd (ie, those of us who practice better password security) By drawing attention to yourself like this, you are actively making yourself a target. Best of luck and hope you do take on some of the suggestions in the vid!

@garynagle3093 Жыл бұрын

@@DjinnWraith agree so have already implemented Shannon’s suggestions.

@AirmanDan916 Жыл бұрын

Smelly cat, smelly cat. What are they feeding you? Sorry it’s stuck in my head now. Hope it’s stuck in your head now too. Awesome Video Snubs I forgot about Napster and Limewire, 90’s nostalgia