My recent feature on passkeys attracted significant interest, and a number of the 1,100-plus comments raised questions about how the passkey system actually works and if it can be trusted. In response, I've put together this list of frequently asked questions to dispel a few myths and shed some light on what we know—and don't know—about passkeys. This FAQ will be updated from time to answer additional questions of merit, so check back regularly. This author will not be monitoring or responding to comments going forward but can still be contacted through email.
Here are a few Q&A from the article. Visit Passkeys may not be for you, but they are safe and easy—here’s why to read more.
Q: I don’t trust Google. Why should I use passkeys?
A: If you don’t use Google, then Google passkeys aren’t for you. If you don’t use Apple or Microsoft products, the situation is similar. The original article was aimed at the hundreds of millions of people who do use these major platforms (even if grudgingly).
That said, passkey usage is quickly expanding beyond the major tech players. Within a month or two, for instance, 1Password and other third parties will support passkey syncing that will populate the credential to all your trusted devices. While Google is further along than any other service in allowing logins with passkeys, new services allow users to log in to their accounts with passkeys just about every week. In short order, you can use passkeys even if you don’t trust Google, Apple, or Microsoft.
Q: Why is Ars pushing passkeys so hard?
A: Based on conversations I’ve had with numerous people specializing in account authentication, I see great promise in passkeys because I think they will be easier and, on the whole, more secure once people develop the same kind of muscle memory they have now with passwords. Only time will tell, but I see no reason that people, including skeptics, shouldn’t at least try them. There's nothing to lose. If you don’t like passkeys, you can delete them (with the exception of passkeys Google automatically created on Android devices) and fall back to passwords at any time with no penalty.
Q: Can you back up your passkeys?
A: Not yet. But per this note from an engineer elbow-deep into the implementation of passkeys, import/export capabilities across devices and passkey managers are in the works.