Forum Discussion
datx
2 years ago
New Contributor
What am I missing with passkeys?
I am finally getting around to putting passkeys into action, but something isn't adding up.
As a low-risk test, I added a passkey to a Best Buy account. Started up an incognito session, and logge...
1P_Dave
Moderator
2 years ago
Thanks for the reply. Security is definitely an iterative process and passkeys are a step forward for the industry as a whole with the aim of protecting everyone, regardless of their technical skill level.
Unlike passwords, you can’t create a weak passkey. Passkeys are generated by your device using a public-private key pair, which makes them strong and unique by default. Passkeys can’t be phished like a traditional password because the underlying private key never leaves 1Password – this also makes them resistant to social engineering scams.
Passwords, even those supplemented by a TOTP authenticator app, can still be phished. You can still be tricked into entering your password and TOTP into a fake website that masquerades as the real website. A passkey solves this problem since it can only be used with the original website that you created it for.
Security keys are great, I own several myself, but two-factor authentication was designed to add an additional layer of protection to passwords against phishing. As mentioned, passkeys are already resistant to phishing and can be considered to have the same level of security as a password plus two-factor authentication, with a lot less friction.
-Dave
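The site binding described in the reply above can be seen in the checks a website's server runs on a passkey (WebAuthn) sign-in. This is an added example, not part of the original thread and not 1Password's code; the function names, the `shop.example` site, the look-alike domain and all sample values are constructed for illustration.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_errors(client_data_json, authenticator_data, challenge, origin, rp_id):
    """Return the names of failed site-binding checks (empty list means pass).
    Verifying the signature over authenticator_data || SHA-256(client_data_json)
    with the stored public key is a separate step, not shown here; it is what
    keeps these fields from being altered after the authenticator signed them."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    # The challenge is issued by this server for this one login attempt.
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge")
    # The browser, not the page, records the origin the user is really on.
    if client.get("origin") != origin:
        errors.append("origin")
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data"]
    # Bytes 0-31: SHA-256 of the RP ID the credential is scoped to.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rp_id_hash")
    # Byte 32: flags, bit 0 = User Present.
    if not authenticator_data[32] & 0x01:
        errors.append("user_present")
    return errors

def make_assertion(origin, rp_id, challenge):
    """Constructed sample of what a browser and authenticator emit on `origin`."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client, auth

# Constructed values; a real server generates a fresh random challenge per login.
CHALLENGE = bytes(range(32))
RP_ID, ORIGIN = "shop.example", "https://shop.example"

def demo():
    genuine = make_assertion(ORIGIN, RP_ID, CHALLENGE)
    # A look-alike page can relay the real challenge, but not change the origin.
    lookalike = make_assertion("https://shop-example.test", "shop-example.test", CHALLENGE)
    return (binding_errors(*genuine, CHALLENGE, ORIGIN, RP_ID),
            binding_errors(*lookalike, CHALLENGE, ORIGIN, RP_ID))

if __name__ == "__main__":
    print(demo())
```

A password or TOTP code carries no such origin or RP ID fields, so the server has nothing comparable to check when the value was typed into a different site.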