passwordless

[LostCorpse]

out of interest and i didnt see an existing thread for it, so appologies if there is one.

how many people/ have you gone passwordless?
and how successfull has it been for you?
what sort of issues do you find crop up?
or stories

either in business or personal or both.

 

[Mujja]

Windows Hello, PIN or camera on personal and work devices for a few years now. Only problem is when I need to logon to an app which doesn't support SSO or Authenticator, I can't remember my password.

 

[andshrew]

Passwordless for a Microsoft work account with their authenticator app has been flawless for me.

If you're talking about broader passkeys, it's a very mixed experience so far.

In terms of storing and creating passkeys, Apple's keychain seems to have a pretty reliable implementation. I personally experienced a pretty horrible bug/glitch with Google and their Android implementation, where Google Password Manager would generate passkeys, give the public key over to the web site I was registering with and them seemingly discard the private key - making the passkey unusable. All this was being done while giving no indication anything was wrong. This was seemingly caused by having an old passphrase encryption configured on my Chrome data sync. The only 3rd party I've looked at is Bitwarden and its honestly unusable at the moment, they have passkey support implemented in the browser on desktop but not at all in their mobile app.

User experience on web sites and services supporting passkeys is also all over the place. Some treat them as a replacement for 2FA (ie. you still log in with a username and password and then supply a passkey). Some don't provide any tools to name your passkeys, so if you add multiple to an account you have no idea which key is which (should you need to delete one). On the sites that have implemented them as as intended (ie. as a replacement for passwords and 2FA tokens), then it does work pretty well.

It all probably needs at least another 12 months of people figuring stuff out.

 

[The_Arbiter]

I forgot about passkeys being developed, so that was a good post to read. Hopefully things work out as far too many sites require accounts now.

 

[theforce]

I finally took the plunge and installed Win11 Pro on my home PC. After a few days of smooth operation l was greeted with a "PIN is not available on this device" or something of that nature blocking me from being able to log into Windows.

I had to reinstall Windows/software and make sure l disabled PIN/Hello login and reverted to a password login which also required changing my Windows account password to something less secure since there was no option of assigning a different password to one of your Microsoft account. While l had no issues with other Windows 11 machines and the PIN login system it happened on my machine. I never had an issue like that with normal passwords so l am sticking with them.