Passwordless - Passkeys

I hate pass keys.

I don't want it but I find that I am being forced to use one now.

Lately I've struggled to complete purchases using PayPal without it insisting on saving a pass key.
 
I hate pass keys.

I don't want it but I find that I am being forced to use one now.

Lately I've struggled to complete purchases using PayPal without it insisting on saving a pass key.
I'm the same. I'm trying to avoid them but they seem to be getting pushed on us harder and harder.
It annoys me when I log into site and get a message saying it failed to create a passkey, I didn't ask for a passkey!
 
The best security really for a lot of stuff is having password-less authentication via email and having a strong password + MFA on the email, though that does make the email a single point of failure i.e. if you lose access to it.

Not a fan of this malarkey with passkeys - far too much of it is a good idea on paper / "in a lab" or for people who work in a certain way - but has a lot of complications and/or contingent situations for people in the real world in general that isn't catered for in the passkey implementation.
 
Last edited:
The NCSC is advocating their use as well. But what I don’t understand is what is the point if websites continue to accept passwords? Surely it should be one or the other?
There is always going to be a crossover period before things are enforced and the older less secure methods are removed, in the same way that when we moved from passwords to passwords + 2FA it wasn't immediately enforced by most web sites that you add 2FA to your accounts - until it was.
 
Last edited:
Oh my god!!!!!

I thought passkeys are more secure?

My sister was panicked texted me told me her Virgin Media email address had been compromised and she called Virgin Media fraud team for help to recovered her account, russia hackers changed her Virgin Media, Netflix, Booking.com and all passwords as well as data stolen. I checked my Virgin Media email and Netflix account are secured. She showed me screenshot of russia email address that changed all her passwords. I told her it best to have anti-virus installed on both PC and android phone, she said she already have it installed, she did not clicked on phishing emails, download fake apps, answer sms call etc. I then asked her do she log in Virgin Media with long strong password or use passkey? She told me she only use passkey!

So however hacker now created 2nd passkey!!!

Oh *****

I dont know what to do. :eek: :(
 
She told me, she now signed out all devices so hackers cant sign in with hidden 2nd passkey.

Let hope hackers dont create 3rd hidden passkey.

Oh wow I am freak out!
 
Don't use passwords.

Have a google account that only uses printed codes and hardware keys (definitely no SMS). Use OAuth SSO everywhere you can (sign in with google). This limits your authentication risk to the ONE account....rather than having credentials scattered all over the place.
 
Bitwarden's firefox extension doesn't support passkeys yet so no passkeys for me

90% of accounts I have are for things I couldn't care less about, the 10% I do are 2FA.
 
Bitwarden's firefox extension doesn't support passkeys yet so no passkeys for me

90% of accounts I have are for things I couldn't care less about, the 10% I do are 2FA.
Ive used passkeys using the firefox extension for ages? Do you self host (I dont) maybe thats the difference. If not Id look again it definately works. I even use it to login to this forum.
 
Oh my god!!!!!

I thought passkeys are more secure?

My sister was panicked texted me told me her Virgin Media email address had been compromised and she called Virgin Media fraud team for help to recovered her account, russia hackers changed her Virgin Media, Netflix, Booking.com and all passwords as well as data stolen. I checked my Virgin Media email and Netflix account are secured. She showed me screenshot of russia email address that changed all her passwords. I told her it best to have anti-virus installed on both PC and android phone, she said she already have it installed, she did not clicked on phishing emails, download fake apps, answer sms call etc. I then asked her do she log in Virgin Media with long strong password or use passkey? She told me she only use passkey!

So however hacker now created 2nd passkey!!!

Oh *****

I dont know what to do. :eek: :(

She told me, she now signed out all devices so hackers cant sign in with hidden 2nd passkey.

Let hope hackers dont create 3rd hidden passkey.

What kind of passkey manager was she using?

If all active sessions were closed but the hackers registered a 2nd passkey, don't they now have free access into the VM account whenever they want?

I understand passkeys cannot be spoofed or intercepted, so one of the devices your sister used to access the VM account was compromised. How do you handle this ongoing possibility?
 
Bitwarden's firefox extension doesn't support passkeys yet so no passkeys for me

90% of accounts I have are for things I couldn't care less about, the 10% I do are 2FA.

Passkey support on FireFox using Bitwarden has been around over 2 years now, I was slow to start adopting it but the few sites I've setup so far work flawlessly with it (including these forums)
 
Back
Top Bottom