Forum Discussion
Former Member
3 years ago
If I use a passkey aren't I making my login less secure?
I understand a lot of the benefits that passkeys offer, such as domain spoofing etc., but it seems to me that if I migrate to them I am making things less secure.
If I currently log in to somesi...
Former Member
3 years ago
I've been reading about passkeys and how they work in general and also how 1PW will handle them. Still unclear to me how they work, how 1PW will handle them, and especially the implications of them vs what we have now.
I see some of the advantages of passkeys for security issues (caused especially by lazy users) but it seems like what this really amounts to is offloading the responsibility and liability of security from companies to users. This may be an improvement for lazy users (and for companies) but seems to cause some issues for the rest of us long-time users.
There is a lot of discussion about the security of biometrics. I have some concerns about that too. I even tried to make my iPhone recognize a photo of myself. It didn't work, but more sophisticated means might. Even if biometrics can't be spoofed, there are other issues I've not seen mentioned elsewhere. Here is a common scenario I've seen in public. Someone unlocks their phone, say with friends at a restaurant, and lays it on the table. A thief could walk by and grab the phone off the table or even out of your hand. If this scenario means the thief can now change your device lock scheme and then access all your banking, we've got a problem and will see a lot more of this happening!
Using a PIN instead of biometrics won't help either. I use a complex 21-character PW to unlock 1PW when I need to use it. I don't want to have to enter that PIN every time I want to use my device. So having a 4 or 6 digit PIN to get to all passkeys won't work for me.
What I want is a two-tier system where a short PIN can access my phone and low security passwords/passkeys that I use a lot, with a more secure level for banking and other high risk passcodes. And I need a way to archive them online so if I'm in Europe and lose all my devices, I can buy a new one and get my passcodes back. Currently this is conveniently provided by putting low risk often used PWs into Safari PWs and the rest into 1PW with face recognition on the iPhone and a shorter but still robust PW for my laptop.
It's unclear to me at the moment if passkeys (and 1PW) will provide my desired use cases.