Why are passkeys so great?
I don’t get it. Passkeys don’t make the existence of user/passwords obsolete. Companies still have to save and protect my password. Hackers can still use my user/password to login. Companies don’t require passkeys….but they do require passwords. Passwords are not going away, right? (although the way people talk about passkeys, they act like they are).
Why is it so painful for people to enter their username and password when they have tools like 1Password that make it so easy to autofill and manage “Fantastic” 20-30 character complex generated passwords that are unique for every web site you visit so no password is reused? (not to mention the excellent one-time password integration by 1Password that more and more sites are also automatically pulling the codes out of 1P and populating them when configured as the authenticator app)
Why do I need a passkey if I am perfectly happy and secure with these 1Password’s autofill capabilities? Tonight, I signed into a site using a passkey and I still had to get a code from my phone since 2FA was enabled. So, passkeys didn’t save me the 2FA step. So why bother?
Is it because of man-in-the-middle attack and the password is more easily captured and used as opposed to a passkey? I thought that would be mostly mitigated via https encryption over the wire.
My point is that someone can still login with the user/password…so u/p does not go away.
Can someone please make the case for me to abandon my 1Password password autofill and use passkeys instead?
