Understand passkeys in 4 minutes

  • Published 24 Dec 2024

COMMENTS • 404

  • @aduad 1 year ago +199

    1:57 If the passkey is stored on the device, what happens if that device is lost or stolen?...how would you retrieve your accounts before getting a replacement device 2:54?...this should have been included in the video!

    • @mokiloke 1 year ago +11

      I believe you would log on using another device you have, like a laptop, which assumes you have one.

    • @dolorsitametblue 1 year ago +54

      @@mokiloke then what should you do if you lose all your devices in a flood, fire or other emergency?

    • @ozordiprince9405 1 year ago

      @@hnv151 so once you lose your iCloud account to an attacker, they have all your PassKeys as well??? Unless you use a passkey to sign in to your iCloud account. Therefore creating an infinite loop of lost passwords

    • @vashlex 1 year ago +34

      This is what I want to know too: Right now it is not transparent where the private key actually is and where it is backed up. How can I ensure my personal privacy without relying on Google or anyone else but myself?

    • @rssaini01 1 year ago +9

      Then the backup codes came into the picture.

  • @JohnFrazier 1 year ago +106

    Passkeys are still confusing. Does the passkey I use in Chrome on my Windows computer work on my Mac? Does the passkey I use on my Mac work on my Windows computer? Do Chrome passkeys propagate on my Google account, my Apple Keychain, 1Password, Lastpass, Bitwarden? Are they shared? If I wipe my hard drive and reinstall the OS, do I have to create new passkeys? Can I back them up to local-storage? When I do a security audit, is the fact that I have half-a-dozen passkeys for one website bad, or is that okay? Did I make them, or did somebody else? If I delete them will I get locked out?
    Do you see how this can be confusing for people?

    • @echongkan01 10 months ago +2

      Passkeys are Device + Platform wise. E.g. each passkey is a combination for Browser + Website, BUT, depending on the platform and user settings, the same passkey can be used in a different device, like a phone, to grant access to the SAME platform in a different device (around min 3 is explained)

    • @WilliamPorterTech 10 months ago +16

      By default, passkeys are device specific. Not OS-specific. Certainly not browser or application specific: DEVICE specific. So if you set up a passkey in (say) Chrome on your Windows laptop, you'll be able to use it immediately in Edge or Brave or Vivaldi ON THE SAME MACHINE. How's that work? Well, using a passkey in Windows basically ties into Windows Hello. But you will NOT be able to use that passkey on another Windows computer or any other computer: You'll have to recreate it there, too. Not a big deal. But that's the way it works - by default.
      I say "by default" because it's now possible to store passkeys in other places, including some password managers. NordPass, for example, can store your passkeys. Now the passkey's authentication process gets moved from Windows Hello on the specific device to NordPass's own method (which, just to keep you confused, might be Windows Hello on that specific device!). Advantage of using your password manager to store passkeys is that you don't have to create them on other devices. If you use a lot of different devices to access the same accounts, this MIGHT be a small help. But if you only use one computer and one phone, then storing passkeys in your password manager isn't really any easier.
      But seriously, after you create just a couple of passkeys, you'll realize that the process is quite easy. If the passkeys are created on your devices, then you're getting the benefit of hardware authentication. Give your password manager a really good (long, strong, unique) password and then DON'T USE IT unless you have to. That's why, although I work on a lot of different devices, I create the passkeys locally and I do NOT use NordPass (my main password manager) to store them.
      NOTE that sites with good support for passkeys (like Google) will allow you to rename your passkeys. When I log into my Google account on a new device, I create a local passkey for that device (again: doesn't matter which browser I do this in) and then I rename it immediately (e.g. I change "Windows Hello 3" to "Surface Pro 9"). That way I can tell, in the manage-your-account area in my Google account settings, which passwords are for which devices. If I sell a computer, I remove the passkey.

    • @majorgear1021 9 months ago

      @m57-ux3ng Crickets

    • @umutkayatuz9963 4 months ago

      @@echongkan01 Device specific

    • @Mary-p4f7q 3 months ago

      @@JohnFrazier Basically you, yourself is the password. You, because no one else has your fingerprints or a good password that be put in by you. As long it's a password that's combined with numbers and letters and symbols that would be hard to guess. Pass keys are simple when they are yours alone.

  • @macbitz 1 year ago +118

    So with passkeys, it is only your device PIN/password that protects everything. If a criminal steals your device and gets into it, they automatically have access to all the accounts that use passkeys as they have control of your device on which the passkeys are stored. With passwords and 2FA, the criminal steals your device and gets into it but they still can't access anything without cracking your password manager AND the authenticator app that generates the 2FA keys.

    • @DroisKargva 1 year ago +2

      This ^

    • @DroisKargva 1 year ago

      So it seems like 2FA with TOTP seems more secure?

    • @jaredyalves 1 year ago

      In a cybersecurity way, it's less secure. TOTP is susceptible to real-time phishing attacks. @@DroisKargva

    • @jaredyalves 1 year ago

      Let's use a phone as an example. What about if you have sensitive photos inside it? Already connected accounts? If they have the device and the password, they can already get that information. The idea of passkeys, as I think, is to help with cyberattacks, as for right now it is the best secure way to connect to an account online, but of course, everything has ups and downs. If you just lost your phone, they can't get your passkeys, YOU would have to give it to them.

    • @tommylehomme8695 1 year ago +30

      Passkeys require confirmation before using them, so the device will have to be unlocked twice. Same as with your 2FA scenario.

  • @MichaelChin1994 1 year ago +43

    Two questions:
    1. What happens if a user loses their phone?
    2. For a legitimate reason, like aiding someone who was injured, how can you access an account you have permission to use but they aren't in the same room as you?

    • @Bless3757 1 year ago +3

      Synced Passkeys are an option, which can be synced to your devices using a Google/Apple account or (preferably imo) using a password/passkey manager like Bitwarden or 1Password

    • @tommylehomme8695 1 year ago +10

      1. In practice, both Google and Apple have your private keys in the cloud, like they do your passwords now.
      2. Impossible for now.

    • @portman8909 11 months ago

      You can still make emergency calls without account access. There is no legit reason to gain access

    • @matheusvportela 11 months ago +2

      @@portman8909 I don't think that was the question. Consider your mom had an accident and is in a hospital. You need to login to her email to retrieve some information for her while she can't. How could we get this legitimate access done?

    • @letsgocapsbeatpens 10 months ago +2

      Passwords are still there. The presentation doesn't say that, but you'll still have a password to your account if you can't get in using a passkey.

  • @DanBonachon 1 year ago +40

    If I lost my phone or got stolen? What do I do then?

    • @ro794 9 months ago +8

      Pray lol

    • @fabiandrinksmilk6205 9 months ago +8

      Recovery codes. It's the same as when you set up 2FA with an authenticator app. You get 10 or 20 codes that are one-time use for recovery. You simply write them down and store them somewhere safe so when you do lose your phone or security key, you can simply enter one of those codes to get into your account again and set up a new method for login.

    • @bigjoegamer 4 months ago

      Use a recovery code, or use another device that has your passkeys on it. You can create multiple passkeys for the same app or website. You could also use an online password manager that syncs across your devices and keeps your credentials secure and private in an encrypted database that you can access from almost any PC/phone/tablet/laptop with an internet connection, or use an offline password manager and create backups of it that you store in multiple devices. Or you can use a security key (e.g. Yubikey or Token2) and have an extra security key (with the same credentials stored in it) that you keep hidden somewhere, while the other security key stays with you. If you lose one of the security keys, then buy a new one and use the other one to log in to your accounts so you can add the new security key to your accounts.
      If you lose access to your password manager, just use a recovery code to get back into it. Make sure you have recovery codes for your email address if that email address is what you use to sign in to your password manager and/or if the password manager uses the email address to aid in recovering your password manager account (e.g. I think 1Password requires a recovery code and also requires you to have access to your email address that you used to sign up for 1Password).

    • @takakis 2 months ago +1

      Passkeys are a straight replacement for passwords, though they also replace 2FA techniques. You should provide users the same usual recovery tools as for a password.

    • @Mary-p4f7q 2 months ago

      @@DanBonachon Well for one thing passkey is basically you, yourself, fingerprint, pattern. If you lose your phone, people can't get in without the passkey, you. Then, report your phone missing to the phone company. I'm sure they could do something

  • @dee-vee 2 months ago +3

    This is basically a step closer to digital ID. With the intro of biometric authentication, phone manufacturers track you because they can uniquely identify the device owner. With passkeys, all online sites that support passkeys will have that ability as well since your private keys will be tied to your device (it is generated by your device), which is tied to your biometrics. Cookies were used to track you because they were sticky, remaining on your devices practically forever. Now, your biometrics-enabled devices are the "sticky" element used to track you everywhere.

  • @yufgyug3735 11 months ago +10

    so generally speaking, the mobile device is the single point of failure? if an attacker gets access to the user's phone and pin, then the whole system is compromised, including any and all services where a passkey is used?

    • @nosrehcorporation 10 months ago +2

      No, as when you move to a weird location or have a different habit it will be detected and Google will ask you for one more "pass": SMS or fingerprint, or to prove it by clicking on another device you have, etc.

    • @OkayOnyx 9 months ago +1

      Yep I have some guy who logged into my alt account and I can't up my security bc Google insists on pass key and every time I enter the key Google says it's wrong

    • @OkayOnyx 9 months ago

      Can't get the guy off my email

    • @luv.97-N9X 4 months ago +1

      @@OkayOnyx is it okay now? If it is... then how?

  • @michaelstrelnikov 1 year ago +16

    If during travelling I want to log in (in an internet café) to a site that supports only passkeys and my phone does not have internet, how can it be done? What if a desktop does not have Bluetooth?

    • @syawkcab 1 year ago +4

      You would get a code from your phone that you copy into the browser

    • @michaelstrelnikov 1 year ago +6

      @@syawkcab I don't think it works that way. And you still need a connection between desktop and a phone to even initiate the authentication.

    • @bigjoegamer 4 months ago

      @@michaelstrelnikov It does work that way if the code is a recovery code that you saved in a file that is available offline on your phone, or saved in a password manager that lets you access it offline. Make sure you save recovery codes for your email address and your password manager. You could write the recovery codes on paper, too. Enter the recovery codes into the desktop PC if the desktop PC can't use Bluetooth. Or use a security key (e.g. Yubikey or Token2) that has your passkeys stored on it.

    • @kucingoyen1 4 days ago

      @@michaelstrelnikov no, it's not. I have tried several times and it doesn't require an internet connection on my phone. You get your secret key from Settings -> Google Account -> Secret Key (if I remember correctly). The secret numbers will change every 30 seconds.

  • @TheRythimMan 1 year ago +11

    I wanted to give this a try but aside from the video not actually showing me how to use passkeys it also does a bad job convincing me it's any more secure than using Bitwarden or another password manager.

    • @DroisKargva 1 year ago

      Bitwarden also will start using passkeys to log in into master password (most likely at the end of this month). I still think 2FA seems the safest choice tho.

    • @TheRythimMan 1 year ago

      @@DroisKargva I read about that but how to use it was still never explained so I'm probably not going to use pass keys.

    • @fabiandrinksmilk6205 9 months ago

      The reason why it's safer than a password manager is because there are no passwords at all. You can have the safest password manager, but if you stumble on a phishing site or a website gets breached, an attacker has that strong password. Passkeys use either your devices' internal TPM security chip or a USB security key with such chip to store a private key, the private key never leaves the chip and isn't stored in the normal filesystem. If you do get onto a phishing site and try to use your passkey, the information that an attacker gets is useless.

    • @TheRythimMan 9 months ago

      @@fabiandrinksmilk6205 hi. Thanks for explaining this. You seem like you know what passkeys are. So does that mean I physically need my device to log in to websites using a passkey? What if I lose my device or it is broken? Will I be locked out? Will I only be able to log in from THAT device? If someone takes my device will they be able to log in to websites since "they have my keys?" If there are no usable USB ports on the device I want to log into how would I log in if my passkey is on a USB?
      Since watching this video only two websites have asked if I want to use passkey but I declined because I didn't understand and the websites still never really explained what they were going to be doing and I don't want to accidentally lock myself out of my accounts the way my grandma accidentally locks herself out of her iPhone. For now I'm relying on 2 factor authorization, which I understand how that works and know how to get around if I lose a device.

  • @JoelPeltonen 1 year ago +52

    As a developer, this sounds very suspicious and kind of inaccurate. It kind of just sounds like automated ssh key generation and exchange, which is inherently single factor authentication.
    And if you lose the private key, you are screwed. The only way I can fathom this kind of working is if keys have to be generated per device. Even then, you need a second way of logging in.... such as a password. An existing login session providing key management is still one single factor. Then again, the explanation/example just was not clear enough on exactly what data is exchanged and stored.

    • @WilcoVerhoef 1 year ago +6

      There's a white paper by the FIDO Alliance that you can read.

    • @Mallchad 1 year ago +10

      It's an oversimplification,
      not 100% sure but I understand when you try to login it will prompt you to recognize some code, like a QR on a device you own.
      And authenticate with an existing (possibly local) method, like fingerprint.
      Yes, the keys *are* generated per device and are easily revokable if the account manager allows it. The way it's set up it's 2 factor by default.
      Phone, fingerprint, account QR code to scan. It's kind of a lot and rather inconvenient if you don't carry around a device constantly.
      The second way of logging in is already covered by Google and they still allow you use passwords but this doesn't apply to other companies, it also may change in the future. The thing that concerns me is I'm not sure how they plan to implement the "use this code to authenticate with passkeys" thing and passkeys management. It's a bit inconvenient to use a QR code the way it's set up right now, not super reliable, and a bit liable to abuse if it's implemented too naively.
      Also transferring passkeys to other devices looks like an early problem. Same with 2FA

    • @jamestemple8970 1 year ago +1

      I'll stick with passwords. Why fix what ain't broken?

    • @JoelPeltonen 1 year ago

      @@jamestemple8970 I think this thingy is geared towards businesses and organizations, where there certainly are issues with passwords. In orgs a huge security issue is reusing passwords - it's de facto impossible to check if someone is reusing their workstation password at an online casino or their self-hosted wordpress blog or such. People also forget passwords all the time, and in a corporate or educational setting resetting passwords is often not trivial :/
      A third issue with passwords is sometimes users have to be stopped from having access to resources, such as a compromised account or when a user leaves an org. If just username/password access is used, that can be an organizational challenge. I bet I still would have access to things like internal file sharing, bug tracking and web servers and such if I chose to remember the passwords of them.

    • @ktwingstrom 1 year ago

      Because they are broken @@jamestemple8970

  • @DKH83 10 months ago +9

    The narrator voice volume is hard to listen to, it goes from very soft to loud.

    • @DONOT_PANIC 6 months ago +4

      I think it may be artificially sped up as well as having the volume variations you pointed out. The video was a waste of my time.

  • @idcrafter-cgi 1 year ago +10

    but for it to be synced with other devices would mean that the private key does get stored on a server, on Google servers, which are still servers

    • @tommylehomme8695 1 year ago +4

      Same with the Google password manager, or indeed any password manager

    • @metaltyphoon 11 months ago

      @@tommylehomme8695 that's not true at all. Bitwarden has zero knowledge architecture. Anything sent to them has already been hashed. They don't store private keys.

    • @iilwy 6 months ago +1

      late but i'm pretty sure it's encrypted with your device's passcode, a password, or a stronger form of biometric like your fingerprint or face authentication
      meaning, it's not accessible or readable without authenticating first

    • @bigjoegamer 4 months ago

      Instead of storing private keys on Google servers, you can use a different password manager for storing passkeys, such as 1Password, Bitwarden, Proton Pass, KeePassXC, Strongbox, Keeper, and others. If you want to store them offline, then store them on a security key (e.g. Yubikey or Token2) or in an offline password manager such as KeePassXC or Strongbox (Strongbox is compatible with KeePass database files).

  • @john_smith281 1 year ago +21

    So you are using 2fa and remove the password part?

    • @not_vinkami 9 months ago

      No. This is just single factor authentication, but this single factor requires a physical device so online hackers are out of the way.

    • @fabiandrinksmilk6205 9 months ago

      It's not that 2FA is bad, it's just that it's too inconvenient for many people. Passkeys are a hardware-backed alternative to passwords, which prevents phishing attacks and like the video said, saves a lot of money for companies with customer service that needs to reset people's password or for anyone with damages from getting hacked.

    • @bigjoegamer 4 months ago

      @@fabiandrinksmilk6205 "It's not that 2FA is bad, it's just that it's too inconvenient for many people"
      That's why biometrics are one of the talking points of passkeys: biometrics are convenient for many people, even more convenient than a PIN unlock or pattern unlock or a security key you have to pay money for that requires a PIN or fingerprint (e.g. Yubikey Bio).
      Passkeys are 2FA if they require something you have (phone, password manager database, security key) + something you are (fingerprint or face) or something you know (passcode or PIN or pattern).

  • @B20C0 9 months ago +3

    So basically passkeys are just the same type of public/private key encryption we had for ages? Back then you had to manually add private keys to your browser to use them to authenticate and rarely any website actually used that technology to authenticate.
    So the "new" thing is that it's more comfortable now?

    • @fabiandrinksmilk6205 9 months ago +1

      The new thing is the open source standard and the widespread use of security chips or TPM chips. The private keys are stored in that chip securely instead of your normal filesystem.

  • @chrisw1462 1 year ago +59

    Understand ???? This has so little information it's ridiculous!! And not a single word about how it keeps either half of your passkey private!!

    • @cyphi1 7 months ago +2

      it's like SSH public/private key authentication.

    • @intrepidis1 1 month ago +1

      It explains that at @1:53

  • @ingoausmnorden 1 year ago +21

    I really like the idea of passkeys and changed my password into a very complicated one, expecting that I would only need it as a backup, if ever. But it is annoying that login to a chromebook (not unlocking screen) still requires a password. And in my opinion this contradicts the whole idea. I mean, I have my smartphone next to me and I can use it to log in to my google account on a chrome browser on any windows system. Why not on a chromebook, Google's own system?

    • @RobinNashVideos 1 year ago +2

      This is "largely due to the way ChromeOS encrypts data at rest residing on the Chromebook itself, specifically the decryption key being tied to the password" (from an Ars Technica article)
      I agree that it's quite a nuisance, but ChromeOS simply wasn't built with passkeys in mind, and so their introduction will require more time as, from what I understand, a low-level fix needs to be implemented, which could require restructuring the OS' entire encryption system. It'll take time.

    • @Pandan73 1 year ago +3

      Real

    • @Comments_From_All_Channels 1 year ago +1

      Fingerprints get hacked unless you use mark of the beast

  • @Chicago48 9 months ago +2

    Can you still use your regular Password even though you have a Passkey? Is the Passkey an OPTION?

    • @ntagPink 5 months ago

      Still an option at the moment.

  • @clivecummings4563 9 months ago +2

    Is a passkey a physical key that plugs into a USB port as I have seen these on YouTube too but I just don't understand them at the moment. I have got eBay asking to sign up with passkey and tells me to insert it in a USB port on my PC. Trouble is I don't have one and they don't even tell you what one is. Also on some YouTube channels you have to carry it around with you everywhere and they even tell you to back it up on another key which are not even synced together, so if you add another account it looks like you would have to do it on each device every time. As I say I don't understand it at the moment so I may be misinterpreting it all.

    • @fabiandrinksmilk6205 9 months ago +1

      Passkey is just a new term for different ways to login other than passwords. This video focused on a new form of passkey, which is the security chip (TPM) already inside your device, but USB security keys like the Yubikey do the same, but as a pluggable device that you can take with you and use on different devices. When it comes to backup, you actually don't need to buy 2 USB security keys. Instead, the website you setup 2 factor authentication or passkeys gives you one-time recovery codes. When you lose your security key, you go to the website and try to login and when it tells you to use your security key, you select recovery code instead so you can get into your account to block that security key and setup a new one.

    • @vmobile890 9 months ago

      @@fabiandrinksmilk6205 yes I got that also not the Yubico key. Now there is another key but not an object more to study.

  • @Mary-p4f7q 3 months ago +2

    As far as I can understand a passkey can be your fingerprint, a pattern, or less safe, your face.

  • @johndoe6032 2 months ago +1

    If Google Password Manager has all of the user's passkeys, then that means they are not only stored on device. They are in a cloud storage location that can be subject to hacking. This description of how passkeys work seems pretty bad.

  • @johndoe6032 2 months ago +1

    "The matching key is stored on the server... because no secret is stored on the server..."
    This needs more explanation. If the matching key is stored on the server, how is there also nothing secret on the server? There has to be information on the server that knows if the passkey being sent to it is the correct one. And that seems like the kind of information that can be taken from the server and used to hack an account.
    I'm not saying that's how it actually works, but that's what it sounds like in this description, and the description needs to be improved.

  • @ranzali5564 1 year ago +3

    If someone adopts Passkeys, should they delete all other methods of authentication they used previously? For instance, Google Prompts? Could someone exploit/intercept Google Prompts if used at some point despite the fact that we set up Passkey?

    • @MartinRusnak 1 year ago

      Yes

    • @fabiandrinksmilk6205 9 months ago

      If you have multiple ways to login, the weakest option ultimately determines the security. You should simply think about what works for you and how you would recover your account in case you lose or forget a method. Ideally, you should delete the other methods and write down the recovery codes to store somewhere safe. That way you use your passkey for your daily login, but in the event of you losing a passkey device, you can use a recovery code.

  • @ProjectKneepads 1 year ago +8

    Suppose I’ve set up passkeys with an iPhone, and I would like to change to Android (or simply lose my phone). How does this change affect my passkey experience?

    • @coolspot18 1 year ago +2

      I think this is going to be problematic unless people use a password manager with passkey support for cross platform support?

    • @LivingInCloud1 1 year ago

      Just register another key for the same account on the Android. Done. Use either device to log on.

    • @frituurvlieg 1 year ago +2

      @@LivingInCloud1 but the thing is, how do you register that? I mean, what if for example my phone is lost and now I have bought a replacement phone.
      How can I log in to add another key? You would still need to use a password in this case I assume?

    • @LivingInCloud1 1 year ago

      @@frituurvlieg In that case you need another way to auth. Always keep a spare FIDO key around as a fallback, that way you can get back in and also in a phishproof way.

    • @DroisKargva 1 year ago

      @@LivingInCloud1 seems like a headache. just stick with 2FA with TOTP and that solves all the problems

  • @AnthonyGriffiths-j2t 1 year ago +5

    the audio in this video is poor, I could hardly hear what the narrator was actually saying

  • @davidguy207 1 month ago +1

    I'm surprised this isn't a standard when it comes to creating accounts on different websites.

  • @MikeUpdatesecurity 2 months ago +1

    Cancely finger print or is it better

  • @KN-oq6lv 9 days ago +1

    My PC does not have biometrics, what then? and how do I explain this to my grandpa?

  • @MannyNCF 2 months ago +1

    ok, PASSKEY uses on phone face recognition feature, but how do I unlock passkey on my computer that has no face recognition?

    • @therealbobafett 9 days ago +1

      You'll click the button that says "use passkey on a different device" then it'll display a QR code that you scan with the device that has the passkey on it, such as your phone. Then authenticate like normal and you're in

    • @MannyNCF 9 days ago

      @@therealbobafett ah! thank you

  • @Mntrmaheffa 1 year ago +7

    Is the key actually generated for the biometric or the Google account?
    Because if I create a secret key with my face scan, then lose my device and do another scan, I HIGHLY doubt it will generate the same exact face scan, so how can I now log in?

    • @boksorunfedaisi6287 11 months ago

      You're right, every biometric scan will produce a different output so they can't be used to generate keys. It's used more like an authentication rather than a seed for key generation.

  • @arcticcat3040 1 year ago +8

    How exactly does it work on desktop without fingerprint reader? Do I need to keep scanning codes with my phone?

    • @nicolasparada 1 year ago +3

      Pin.

    • @jayantrohila 1 year ago +6

      same way you unlock your desktop.

    • @jamestemple8970 1 year ago

      @@jayantrohila But I don't ever unlock my desktop. Why would I? I also don't lock my phone.

    • @jamestemple8970 1 year ago

      @@nicolasparada What is the difference between a pin and a password?

    • @nicolasparada 1 year ago

      @@jamestemple8970 that the pin is local to the device.

  • @coolspot18
    @coolspot18 1 year ago +2

    Will the average person know how to back up their passkeys or keep them synchronized between devices/operating systems?

    • @DroisKargva
      @DroisKargva 1 year ago

      @@daniel.s8126 user 1234

    • @jamestemple8970
      @jamestemple8970 1 year ago

      @@daniel.s8126 It's not brain surgery.

    • @tommylehomme8695
      @tommylehomme8695 1 year ago +2

      Google, Apple and third-party password managers will take care of that

  • @TheRavageFang
    @TheRavageFang 1 year ago +5

    Is google pw manager still keeping encryption key along the encrypted passwords? Then what's the point with this?

    • @_Hespro_
      @_Hespro_ 1 year ago +3

      Phishing protection. And it's easier to push normies using passkeys than a password manager.

    • @Mallchad
      @Mallchad 1 year ago +1

      @@_Hespro_ password managers aren't super strong because they don't strictly prevent phishing attacks,
      just make it slightly more resistant if it has a safe autofill.
      Worse password managers are liable to database breaches whereas passkeys are very *very* strongly compromise resistant since the authentication credentials are local only, and *encouraged* to use biometric backing

    • @Comments_From_All_Channels
      @Comments_From_All_Channels 1 year ago +1

      Fingerprints get hacked unless you use mark of the beast

    • @Mallchad
      @Mallchad 1 year ago

      @@Comments_From_All_Channels having a fingerprint is useless in passwordless because it's tied to an authenticator with 1 device. only maybe being at risk if you break both a cloud backup of the pairing, and phish a fingerprint, and restore the backup without it being flagged, and don't get kicked out for using a new device

  • @luizfelipels7
    @luizfelipels7 5 months ago +1

    How is a PIN (usually 4 or 6 digits) more secure than passwords? 🤔

    • @shaggydawg5419
      @shaggydawg5419 1 month ago

      exactly. And if your PIN is 1234... good luck.

  • @Chetok
    @Chetok 6 months ago +3

    Like so many you are unable or unwilling to put yourself as a newbie or non tech, you lost me less than 2 mins in, no help at all

    • @StarCampShasta
      @StarCampShasta 5 months ago

      Yeah it doesn't explain it at all. And I'm no noob

  • @edhahaz
    @edhahaz 2 months ago

    It's like asking your friend to set up the account for you. He won't tell you the password, but you are logged in, he may or may not log you in the future if you need it. Amazing tech!!!!!!!!!!!!!!!!!1

  • @cate01a
    @cate01a 15 days ago

    sounds good. would be nice if on computers a passkey can be a string of text like typical passwords since it's an easy security upgrade and importantly wouldn't need you to do 2fa
    and i wonder whether face+fingerprint is much more secure than a password? since afaik phones are easily tricked with photos etc?

  • @MyMomSayNoDota
    @MyMomSayNoDota 11 months ago +1

    so basically, passkey is the master password of a password manager with auto fill. passkey is your device PIN/face id/fingerprint etc, right?

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      No 😅. Passkeys are a replacement for passwords. Once created you can use them by unlocking your device (that's where the face id/fingerprint comes into play).
      Also don't think of them as a master password, each account to each website could have its own passkey.

  • @chadsexinton
    @chadsexinton 1 year ago +2

    So if someone steals your phone you're screwed everywhere? Too much dependency on your phone.

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      How would they unlock the stolen phone?

    • @chadsexinton
      @chadsexinton 1 year ago

      @@LivingInCloud1 I mean you wouldn't be able to login anywhere.

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      @@chadsexinton Create another key on a FIDO and also in Windows Hello. Done. 🍺🍺

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      @@chadsexinton Also, you would have an iPhone keychain backup?

  • @ramysami
    @ramysami 1 year ago +1

    Why didn't passkey replace both the user name and the password, sometimes users struggle remembering the username and since the technology is capable of bypassing a username, why not?

    • @tommylehomme8695
      @tommylehomme8695 1 year ago

      They will eventually, there is no need for the username in the traditional sense now

  • @chickadddee
    @chickadddee 8 months ago +1

    Wait, did she say "if you buy another device, Google has stored your passkey info on their servers, so your new device will work ...." ?? How is that ultimately secure?

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      It actually isn't 100% secure in that aspect. But this is the same for passwords. If you choose to use a service that stored your passwords/passkeys on a server, there is always a chance of it getting breached. But two things to keep in mind. You could choose to keep your passkey only on your device, or buy a security key to store the passkeys on. Another thing to keep in mind is that passkeys are still more secure in other aspects, like being phishing resistant.

  • @DarkH4X0
    @DarkH4X0 1 year ago +9

    What if a fire destroyed my home and I lost everything? Let's assume I don't have a home anymore, let alone my smartphone. How would I deal with that? At least with password managers as long as I remembered one long passphrase I was good to go even after a disaster, now I guess I should prove my identity sending my ID to Google, that would be a long process and it would even go against my privacy. It looks like you solved a problem by introducing thousands more, very nice

    • @DarkH4X0
      @DarkH4X0 1 year ago

      (the sending my documents part would be a long process considering that as I mentioned I would have lost everything in that situation, so it would take quite a while even just to get those documents printed and delivered back)

    • @agektmr
      @agektmr 1 year ago +2

      @@DarkH4X0 All you need is a new device, an ability to sign in to your Google account, then the PIN of your previous device to resurrect the passkeys.

    • @Mallchad
      @Mallchad 1 year ago +1

      Account recovery isn't going away,
      phone carriers can help you recover your mobile number and backups can help you get access to your passkeys.
      The passkeys should be unlockable with biometric data so importing directly from a backup should be possible in future.
      Google aren't removing password logins *for now*

    • @camwha5904
      @camwha5904 6 months ago

      This is why offsite backups are important for protecting anything you don't want to/can't afford to lose. That doesn't just go for passkeys but important data in general.

    • @TheuppercaseM
      @TheuppercaseM 5 months ago

      you'd need to log into your google account or apple id or whatever is holding your passkeys and you're good to go.

  • @asaf2hd
    @asaf2hd 1 year ago +18

    People don't see this, but this solution drifts from an open internet environment to a closed one. Instead of being dependent on ourselves when logging into pages, we will now have to be dependent on the os, as well as actually giving out our passkeys to Google so they can log in freely to our resources.
    Big no!

    • @camoelmao
      @camoelmao 1 year ago +4

      Google said in a blog that your passkeys are end-to-end encrypted so Google can't access your login credentials

    • @pernilsson2394
      @pernilsson2394 1 year ago +1

      @@camoelmao but google knows what encryption is used. And they most likely have the resources to break the encryption.

    • @spencerblumenfield5377
      @spencerblumenfield5377 1 year ago +3

      @@camoelmao i believe these would be stored locally on the device the only thing google would have access to is the public key

  • @erikstorelv7189
    @erikstorelv7189 3 months ago +3

    This is a very misleading kind of marketing. The screen lock up code or a PIN gives you access to all the Passkeys. It's not secure. There are many good questions on the major limitations of this in the comments below. The passkey is a desperate try to avoid moving to a truly decentralised digital ID architecture that would make the Google ID irrelevant. Hence, to defend its web 2.0 control of users' ID, Google is pushing for this inefficient solution.

  • @yrs207
    @yrs207 10 months ago

    Passkeys could only be used as a convenient way to login, but can not replace the password + 2nd factor because eventually if all devices are gone/lost, there is still a need for a way to authenticate users using something stored in their mind (pass) plus some 2nd factor like an SMS code (get another new device with new sim card but old number, or from another email account).
    Once things are recovered from that pass + 2nd factor, the new passkey pair could be established and save for future use of password.

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      Yeah I mostly agree. Passwords will never be truly gone. But they should be rare, you should only have a handful of passwords to very important accounts/devices. I looked in my password manager, I have 500 passwords. 490 of them could easily be replaced by a passkey.

  • @17Kalash
    @17Kalash 4 months ago

    did anyone have the link of some tutorial or documentation about implementing passkeys in .Net Core projects?

  • @deltaechomusicnh555
    @deltaechomusicnh555 1 year ago +1

    What happens if your device breaks or gets lost? What happens if I want to login to an account on my PC rather than phone?

    • @AlexMetslov
      @AlexMetslov 1 year ago

      You OKAY there?
      I will add then more complications.
      Also, what happens if you break your fingers and burn off the face? How do you validate your identity then?
      And if police will believe your relatives, what if you kill all your relatives and friends? How can you validate then? If you still have workplace, what if it burns down and everybody will burn along the building? How can you verify then?

  • @tjmason6517
    @tjmason6517 1 year ago +1

    Hmmm. I wonder what benefits a unique identifier provides the authenticator...

  • @YS-zk4wz
    @YS-zk4wz 1 year ago +4

    Didn't understand a word of it

  • @timfd.w.4163
    @timfd.w.4163 9 months ago +1

    Seems nice... But then Google will log and see every site I logged... What about privacy?

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      they could already do that when you use Google Password Manager with passwords. I'd put more trust in 1Password or another password manager

  • @timataan
    @timataan 2 months ago +1

    Wow! Just knew about this today
    Been wondering why FB and Gmail don't allow us to sign in using fingerprints so literally nobody would hack the accounts
    Good to know am brilliant

  • @wnbot
    @wnbot 4 months ago

    My question is when I register on android, can i login on iOS? I know that when I register on android, google will save my private key in google cloud, it's ok if I login on another android device, but how about login on iOS?

  • @CosmicAlphonso
    @CosmicAlphonso 1 year ago

    If we use google password manager to sync across devices that means these keys can travel on the internet. And what if i switch from google password manager to other service?

    • @ZohaibMasood1
      @ZohaibMasood1 1 year ago

      iCloud chain already supports passkeys so you can generate one for that. Also, 1Password is coming up with passkeys support so you can use something like that for cross platform.

  • @Skwarciak
    @Skwarciak 2 months ago

    So everyone can simply copy a passkey by syncing it with their own devices?

  • @someperson69420
    @someperson69420 2 months ago +1

    Passkeys broke when I tried to use it on roblox

  • @alexag782
    @alexag782 8 months ago

    Hey what do you cost / money by 2step Authentication?

  • @AzphrinxOfficial
    @AzphrinxOfficial 8 months ago +2

    Understanding passkeys is really easy and I'm currently using it today. This is the next gen of passwordless feature

  • @JoeyThomas
    @JoeyThomas 2 months ago +1

    there are no instructions here

  • @darknetworld
    @darknetworld 11 months ago

    I wonder if phone is hijacked and imposter access it? Since many apps or browsers can get user data.

  • @rickdg
    @rickdg 1 year ago +88

    But users appreciate password sharing.

    • @mickeymond
      @mickeymond 1 year ago +9

      If you say password sharing, do you mean having access to another person's password so that you can log into their online accounts?

    • @uchennaofoma4624
      @uchennaofoma4624 1 year ago +1

      I think so

    • @mickeymond
      @mickeymond 1 year ago +13

      Woow.
      From a security standpoint, that is quite inappropriate.
      If letting other users access your online account(some controls) is the goal then a delegate access will be the best way to go where they will also have separate credentials to log in.
      However, if existing password managers allow for password sharing, then allowing for passkeys sharing with others should be possible now or in the future based on user requests.

    • @nagarajansubramani
      @nagarajansubramani 1 year ago +8

      @@mickeymond Yes like with Netflix and other paid services where sharing is caring, and brings down the cost by division, that corporates absolutely hate and go through hoops to have you stop.

    • @mickeymond
      @mickeymond 1 year ago

      @@nagarajansubramani 🤣🤣🤣
      Then let's pray hard that Netflix and the likes do not migrate to Passkeys soon.
      And even worse, make it a mandatory login technique.
      Profiles in Netflix could be sub accounts that also log in to Netflix but enjoy their parent account's subscription but I guess it isn't a win for Netflix so they won't do that.
      Passkeys can actually be a frustration for Netflix account sharers a whole lot.

  • @hopper1629
    @hopper1629 1 month ago +2

    So glad this video explains passkeys so well🙄 🙄

  • @mrkenwu1
    @mrkenwu1 4 months ago +1

    Passkeys are not safe, neither are biometrics. Two-step is still the most secure.

  • @mattribeiro9017
    @mattribeiro9017 2 months ago

    Sigh. So, the private key is safe because it **isn't** stored on the server, but the private key **is** uploaded to the server to sync it across devices?

  • @tombalabomba3084
    @tombalabomba3084 11 months ago

    Why would passwords stored on a server be compromised if a data breach happens? They should be hashed/encrypted anyways!

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      You are questioning that password breaches are useless because the passwords could be hashed? 😂
      You can brute force them, you can run a huge list of known passwords and their hash. You can use dictionary attacks, you can use credential stuffing.
      There are so many ways of breaking into an account protected by a password. With passkeys these attacks don't really exist.

  • @pauljohnsonbringbackdislik1469

    What is the fallback for users with no smartphone?

    • @brandoncortes9655
      @brandoncortes9655 1 year ago

      Use the password or PIN stored for signing in on your device; also, you must adapt it to the change if you decide to change the password

    • @davidgarciag
      @davidgarciag 1 year ago +1

      You can create passkeys within your browser, i imagine you have to be logged in for them to be saved

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      Windows Hello, FIDO Keys...

  • @maltimoto
    @maltimoto 1 year ago

    so a passkey is biometric identification? why do they call it passkey then?

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      It's not. It's agnostic to how it is being secured itself. But biometrics are a common way to secure the Passkeys.

  • @JASNSOUNDS
    @JASNSOUNDS 5 months ago

    This is so frustrating. I’m trying to sign in with google id to apps on my new iPhone and it’s giving me a QR code to scan with another device?? Wtf how am I supposed to do that.

  • @-ok-
    @-ok- 11 months ago

    My fear:
    Right now, with a password manager - if my master password is compromised, I can just change it - and the rest of my accounts are still fine. (Assuming I change it fast enough)
    With Passkeys, if my passkey is compromised - then there’s no way to “change” it without going to each website one by one… right?
    So if I’ve backed up my passkey to a USB drive and put it in a safe - but somehow it gets stolen - then I’m in trouble.
    Vs if I’ve stored my password manager’s master password on a piece of paper in a safe - and that gets stolen - I can still quickly go and change it before the thief even discovers what it is they stole.
    And also - what if Google themselves are attacked - with passwords, only the hash is stored on the server so if that hash is exposed, as long as it was salted, the rest of my websites are secure… but with passkeys, if that one key is exposed, all my other websites are exposed.
    Or do I have this whole thing wrong?

    • @lorkano
      @lorkano 11 months ago

      Only public key is stored at google, and is useless when compromised. They could only sign in to google with it. To compromise passkey, you would have to have your private key compromised which is on your device

    • @-ok-
      @-ok- 10 months ago

      @@lorkano I thought "passkeys synchronise across devices" using Google Password manager? If so, that would imply that Private Keys are also synced across devices = stored in the cloud?

  • @Philipbuono77
    @Philipbuono77 2 months ago

    My passkey not showing with a green check on yt why???

  • @YourComputer
    @YourComputer 1 year ago +4

    Fingerprints, face scans and PINs are all a type of password. The assertion that this will lead to a "passwordless future" is absurd and deceitful. Also, from Google themselves, "anyone who can unlock the device can sign back into your Google Account with the passkey." That would include every other account you use passkeys for. This does *not* sound secure at all. We aren't even told if buying a new device will cause us to be completely locked out of our accounts if we don't have access to our old device. And if it were possible to log into our accounts using a new device without the need of the old device, that basically defeats the whole purpose of passkeys.

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      As long as you have ANY way to get in, you are fine. I have registered Passkeys on my FIDO key, in Windows Hello and on the iPhone for the same account so pretty much whatever happens I will get back in unless there is a fire and all devices are lost. Place a key on a cheap USB FIDO and store it at your parents house. :)

    • @LivingInCloud1
      @LivingInCloud1 1 year ago +1

      Also, you can not view Passkeys as a kind of passwords. They are based on the FIDO spec and are not phishable. They are FAR from passwords in a technical sense.

    • @YourComputer
      @YourComputer 1 year ago

      ​@@LivingInCloud1 Clearly, no one is complaining about the scenario where you still have access to an already whitelisted device. What happens when you run out of ways to authenticate yourself? How do you prove that you are who you say you are? (Yes, let's assume worst-case scenario.) The only thing I can think of is an account recovery system that necessarily hangs on one-factor authentication. But to take one step backwards defeats the whole point of 2FA. You wouldn't be able to rely on the device having the same phone number, for that is insecure and naive.
      The whole notion of passkeys and 2FA appears to be self-refuting. On the one hand it asserts that passwords are the problem, while on the other hand it makes heavier use of passwords to solve the password problem. Sure, passkeys are a step above passwords in the sense that they are cryptographically strong and use a public-private key combo, but, lo and behold, a password in the form of either biometrics, face scan or PIN are still part of the picture.
      As far as I can tell, 2FA is not about protecting the user from other users. As it stands, it benefits companies more than it does users. It is no surprise why no one claims it is a perfect solution, and simply resort to it being a "better solution." Not even FIDO attempts to offer up a solution for cases where the user has lost all possible forms of authentication. Instead, FIDO places that burden on companies to come up with a solution for that. But I have yet to hear of anyone proposing a solution. Granted, it is not straight-forward to solve, but forcing people to have 2FA before a solution is implemented is absurd.

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      @@YourComputer In a company setting, it's a no-brainer to use Passkeys as there will be an admin available to let the user back in.
      Private accounts may turn into a problem, so again make sure you have multiple ways to authenticate. Like an extra FIDO at your parents house. ;) The added security is easily worth the small cost of a FIDO.
      PINs are involved for sure, but only on the device itself. That PIN is not possible to abuse/guess over the Internet, like a password is, for an attacker.
      There is a reason Passkeys are invented and the fact that you have to go to extremes to find a "weakness" is telling. What if you forget your password, lose access to the recovery e-mail address and your phone breaks down, all at the same time? What do you do now? :)

    • @YourComputer
      @YourComputer 1 year ago

      @@LivingInCloud1 Yeah, in a company setting, replacing passkeys is not difficult. But the issue with passkeys would still apply, in that losing the key and the key falling into the wrong hands, anyone with that key can enter. It would be no different than someone gaining access to your phone which has all the passkeys stored on it, therefore gaining access to all accounts that make use of passkeys. Like Google said, "anyone who can unlock the device can sign back into your Google Account with the passkey."
      The fact that something like SIM swapping exists is what makes worst-case scenarios difficult to impossible to account for. In the worst-case scenario where you lose all possible ways to authenticate yourself, how do you prove that you are who you say you are? You can't rely on the phone number, you can't rely on your home address, you can't rely on your full name, you can't rely on even social security number, etc, etc.
      If you can verify yourself by means other than 2FA, then 2FA is rendered useless. So long as I can pretend to be you, it wouldn't matter how many passkeys or secondary devices you have. For as long as this issue exists, 2FA will offer nothing but a false sense of security.

  • @skunkhunter6089
    @skunkhunter6089 2 months ago

    I have been on a quest to discover how this works. For example watching someone actually slowly sign in using it. Someone using a backup. All I hear is jargon and fast talk. I travel a lot between residences. So I have to sign in from different devices. So many questions.

  • @lugano1999
    @lugano1999 11 months ago +25

    I can't believe how confusing this video is. You present the technical mumbo-jumbo but don't provide a single example.

    • @intrepidis1
      @intrepidis1 1 month ago +1

      An example is shown at @1:05

  • @pernilsson2394
    @pernilsson2394 1 year ago +4

    But one can wonder why this solution wasn't implemented earlier if passwords are so bad. One way to get rid of passwords is for the site not asking the user to create an account. But then the companies can't as easily harvest your data and target you with ads.

    • @DroisKargva
      @DroisKargva 1 year ago +1

      real

    • @ChibiKeruchan
      @ChibiKeruchan 11 months ago +1

      because earlier we do not have quantum computers. we are in a different ERA now. your password can be cracked easily if you don't make one that is 20 alphanumeric password with special characters.

    • @camwha5904
      @camwha5904 6 months ago

      @@ChibiKeruchan That only matters if you're encrypting a file. If it's a weblogin, your ip will be blocked and account locked if too many attempts are made on the account. Brute force doesn't work well against online services due to account locks. Most weblogin hacks are through phishing, credential stuffing, and stealing session cookies.

  • @tizianocolazzo4097
    @tizianocolazzo4097 8 months ago

    it's a universal authenticator?

  • @vasiovasio
    @vasiovasio 1 year ago +11

    This video is fine, but you NON Stop repeating the word - Device and you mean Smartphones. What about the Computers - Desktops and Laptops. Where is the biometric in the most common PC with Windows? As a Mac user, I can tell you - the most of Desktop PC users don't have any form of biometric recognition on their Desktop machines.

    • @majorgear1021
      @majorgear1021 9 months ago +1

      This. While my Macbook had a fingerprint scanner, I use it 98% in clamshell mode with external keyboard/mouse/display. No biometric scanner available.

    • @ArijitBanerjeeArley
      @ArijitBanerjeeArley 6 months ago

      I believe they mentioned, that device PINs, Patterns or Passcode would work as well. From 2:00 to 2:10
      Also, a person should be able to scan a QR code and use their mobile device to scan and verify using biometrics using the hybrid method (as mentioned in the video)

    • @intrepidis1
      @intrepidis1 1 month ago +1

      The Windows PC I use for work has a fingerprint scanner too.

    • @vasiovasio
      @vasiovasio 1 month ago

      @intrepidis1 Good for you, you live in the Future! I will go to steam some water and power up my cave machine without fingerprint reader! 😂😉

    • @intrepidis1
      @intrepidis1 29 days ago +1

      No, on your aging computer you can still log into sites and apps because the biometric prompt would pop up on your phone. I assume you at least have a modern phone. Or if not, you can buy a USB fingerprint scanner dongle. If you don't have USB on your PC then you can add it with an internal PCI card. Also, I'd just like to note that my work laptop with the fingerprint scanner is now about 6 years old.

  • @blxnkstare
    @blxnkstare 1 year ago

    how to nonactive the passkey?

  • @blackclover20
    @blackclover20 1 month ago +1

    The most useless verification. How are you guys getting worse at this?

  • @severgun
    @severgun 1 year ago +2

    finger of unconscious user grants all access... There is already a lot of stories when users get drunk by scammers and lose all money when use fingerprint on banking apps. Never use biometric on banking

    • @DroisKargva
      @DroisKargva 1 year ago

      this is good approach. what if robber comes and grabs your phone and forces you to give him your phone pin. then he can use passkey to access any resource from your phone.

    • @Bless3757
      @Bless3757 1 year ago

      @@DroisKargva what if the same robber just demands for your bank password instead then?
      it's the same deal really
      almost ALL account hacking is done through phishing attacks and data breaches, which passkeys are MUCH more resistant to

  • @latuman
    @latuman 10 months ago

    This video brings more questions than answers. Is the passkey the same as fingerprint? It's implied that it is. If not, why not? How is it not? Is it a device token? Is it a "public key" vs "private key" scenario? HOW DOES IT ACTUALLY WORK. If someone steals my fingerprint, will they now control all my passwords?

    • @martijnvanderwal3976
      @martijnvanderwal3976 6 months ago

      passkey is not the same as a fingerprint or any other biometric. why not: passkeys are stored on your device, and you can only access them once you unlocked your device.
      It is not a device token, it doesn't even indicate what device it was used from.
      It is a public/private keypair, yes.
      If someone steals your fingerprint, then yeah they could sign in using your passkeys. This argument comes up a lot, but how common do you think that is? Believe me, you would have so many more problems if someone is specifically recreating your fingerprint 😜

  • @Ryzza5
    @Ryzza5 1 year ago +10

    So why doesn't Google let me add 2FA codes to accounts any more? I shouldn't need to provide my phone number every time. And then Google randomly decides not to let me log in even when I provide the correct username and password, with absolutely no way to proceed. I'm done and moving to another service.

    • @Oscar-vd4cv
      @Oscar-vd4cv 1 year ago

      You can still use 2factor, go to your security settings

    • @mokiloke
      @mokiloke 1 year ago

      Agreed, this whole thing is convenient, but must be corporations' wet dream, knowing your location, phone number, etc, all through one convenient tracker.

  • @hassanmaje5849
    @hassanmaje5849 9 months ago +1

    Does not work! Whenever I used saved password on PC it does not prompt for passkey. I had to set up Windows hello.. when logging on from mobile device there isn't any passkey prompt either. BTW passkeys have been setup in my Google account. Google is broken unless someone can fix the above 2 problems for me.

  • @ElieeEliee64
    @ElieeEliee64 1 year ago

    All this talk and windows 11 pc with Edge browser still doesn't support passkeys. Lame

  • @shashwatmehta9733
    @shashwatmehta9733 3 months ago

    What if I want to let my wife log into my account while I'm away? The devices need to be in close proximity right? I can't just tell her the 2FA code over phone like I can with authenticator apps.

  • @tamal
    @tamal 1 year ago

    What if my fingerprint is stolen? There are ways to print someone's fingerprint.

  • @jamestemple8970
    @jamestemple8970 1 year ago +24

    I learned little to nothing from this video. I have no problems using passwords, I don't see myself changing anytime soon.

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      Lol, yeah an identity security method from the 60s is probably the best one in 2023... You are asking to get phished or MITM'd. Good luck..

    • @DroisKargva
      @DroisKargva 1 year ago

      @@LivingInCloud1 2FA with TOTP seems better option than passkeys

    • @j1j1j1j1j1
      @j1j1j1j1j1 1 year ago

      literal simp

    • @jamestemple8970
      @jamestemple8970 1 year ago

      @@j1j1j1j1j1 Why fix a problem when there is no problem?

  • @bororobo3805
    @bororobo3805 1 year ago

    So what if you lose your device? 🤔

  • @EddieRandle-t3q
    @EddieRandle-t3q 5 months ago

    It is difficult for me to understand what is being said while that relatively loud and somewhat distracting background music is playing. Respectfully, please consider reducing the volume or removing the background music altogether. Your video is important for its informational content alone and does not need to entertain the listener. Thank you for reading my comment.

  • @sulaimandev
    @sulaimandev 1 year ago

    What if someone stole the device?

    • @LivingInCloud1
      @LivingInCloud1 1 year ago

      So? How would they get into it? You do secure your devices already today we hope?

  • @rumaghosal9996
    @rumaghosal9996 6 months ago

    How this is related to MS office??

  • @max_ishere
    @max_ishere 1 year ago +1

    1:15 it was good until you said fingerprint

    • @Carlito_El_Gooner
      @Carlito_El_Gooner 7 months ago

      Bro, don't mention fingerprints again. Once my phone did not recognize my fingerprint no matter how much i tried. I was locked out of my phone and had to do a factory reset to get back in. Lost everything.

  • @chrishouse6924
    @chrishouse6924 11 months ago

    What if one does not have a smartphone?

  • @vmobile890
    @vmobile890 8 months ago

    What is Google doing that another browser cannot do? Slowing a key do you mean YubiKey or key as numbers or letters or each?

  • @N_Ebenezer
    @N_Ebenezer 8 months ago

    Is there a better, simpler, direct explanation for how this works?

  • @marcussacana
    @marcussacana 1 year ago +1

    Seems to be one more thing to make it impossible to live without the gapps on your phone.

    • @Ghfvhvfg
      @Ghfvhvfg 1 year ago

      I use UA-cam that’s basically all…

  • @WyzrdCat
    @WyzrdCat 1 year ago

    There is absolutely no value in any of the content prior to 1:55

  • @wakaneut
    @wakaneut 4 months ago

    Very convenient. But at what cost? Most videos of this type never touch on the disadvantages of passkeys. More dependency on big companies for authentication. Lost or stolen devices could lead to headaches recovering accounts, if possible, and many others.

  • @id104335409
    @id104335409 5 months ago +1

    And then you lose your phone and all of your accounts are locked away forever. Thanks passkeys!

  • @ChanonpatPatanapimoljit
    @ChanonpatPatanapimoljit 1 year ago

    Keep getting your password wrong? What to do? Try switching to passkeys.

  • @ralfmegil
    @ralfmegil 1 month ago

    I lost all of my mobile numbers and I can't change smth to all of my Google account, sigh

  • @tangocukedi1
    @tangocukedi1 1 year ago +5

    basically if someone can login to your laptop/cellphone, they have access to everything

    • @xE92vD
      @xE92vD 1 year ago +1

      If you do allow them to.
      Passkeys require you to have a biometric way of logging in, so a password can't be used to use a passkey.

    • @Comments_From_All_Channels
      @Comments_From_All_Channels 1 year ago +2

      Fingerprints get hacked unless you use mark of the beast

    • @ChibiKeruchan
      @ChibiKeruchan 11 months ago

      @@xE92vD Fingerprints are easy to get when you are drunk or asleep. Passwords aren't. Unless Elon Musk finds a way to find your password using his Neuralink 😂😂😂😂😂😂

    • @Carlito_El_Gooner
      @Carlito_El_Gooner 7 months ago +1

      @@Comments_From_All_Channels Was locked out of my own phone once cos the phone didn't recognize my own fingerprint. Had to do a factory reset to get back in.

  • @eexit_
    @eexit_ 1 year ago

    This video is very hard to follow: the off-voice intonation is very wavy, and the voice does not detach much from the background music... For a non-native English audience, it requires a lot of attention to understand what she says.