Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
Passwords and passkeys
Passkeys actually useless at this time? Please clarify!!!
Message
<blockquote data-quote="Templar" data-source="post: 1075168" data-attributes="member: 98359"><p>Hi folks,</p><p></p><p>A question for security experts who are knowledgeable about passkeys.</p><p></p><p>So, Microsoft, Google, Amazon, Ebay all support passkeys, right? They continually tout about going passwordless, and the benefits of a passkey's use against a password.</p><p></p><p>I'm new to using passkeys, but I'm beginning to think they are useless, at least at the present time, and I'm not talking about the method they use to authenticate in itself, but rather in the way websites implement them by still providing the password method to log-in once you've set up the passkey. To clarify, they say go passwordless, but you're not actually passwordless.</p><p></p><p>For example, I just created a passkey on my desktop PC for Amazon, yet when I go to sign in, even though the passkey method is provided underneath, the password is still the default sign in!!!! Ebay also offers password log-in alternatives when a passkey has been set up, as does Google. Surely this means in the event that someone did know your password, they could just bypass the whole passkey method?</p><p></p><p>Is it just a simple case of passwords still being offered by websites because it's still early days for passkeys?</p><p></p><p>Is there any benefit to using passkeys now, even though the password method is still provided? I've heard there is always a chance at interception when you use a password to validate entry into a website, whereas with a passkey the validation method is more secure. I don't know if that is true or not.</p><p></p><p>I've heard some people say 2FA via authentication app is not required with passkeys, but surely that would only be valid in a case where it is truly passwordless. Any website that can implement passkeys that <strong><em>still</em></strong> offers passwords as other methods of authentication I would say it is still required.</p><p></p><p>Thoughts, please.</p></blockquote><p></p>
[QUOTE="Templar, post: 1075168, member: 98359"] Hi folks, A question for security experts who are knowledgeable about passkeys. So, Microsoft, Google, Amazon, Ebay all support passkeys, right? They continually tout about going passwordless, and the benefits of a passkey's use against a password. I'm new to using passkeys, but I'm beginning to think they are useless, at least at the present time, and I'm not talking about the method they use to authenticate in itself, but rather in the way websites implement them by still providing the password method to log-in once you've set up the passkey. To clarify, they say go passwordless, but you're not actually passwordless. For example, I just created a passkey on my desktop PC for Amazon, yet when I go to sign in, even though the passkey method is provided underneath, the password is still the default sign in!!!! Ebay also offers password log-in alternatives when a passkey has been set up, as does Google. Surely this means in the event that someone did know your password, they could just bypass the whole passkey method? Is it just a simple case of passwords still being offered by websites because it's still early days for passkeys? Is there any benefit to using passkeys now, even though the password method is still provided? I've heard there is always a chance at interception when you use a password to validate entry into a website, whereas with a passkey the validation method is more secure. I don't know if that is true or not. I've heard some people say 2FA via authentication app is not required with passkeys, but surely that would only be valid in a case where it is truly passwordless. Any website that can implement passkeys that [B][I]still[/I][/B] offers passwords as other methods of authentication I would say it is still required. Thoughts, please. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
