Of course they are easy when someone walks you through one-and-only-one mode of execution. But how do I explain the entire concept to someone who has a Doctorate in pharmacy? I'll go watch that other vid you made and see if it has some answers. I do thank you for this video, too.
I hardly ever use my phone for Google anything. My desktop and Chromebook are my usual go-to email devices, but neither has face recognition or fingerprint scanning. So what do passkeys actually bring, assuming I'd have to use a password on those devices anyway?
My Google Account still saves my password, so I could still sign in with my password if necessary. I thought passkeys enhance security because they are useless if somehow they are stolen, which is of-course not the case with passwords. My question is how do passkeys enhance security, given that passwords can still be used to sign in, as is the case with my Google account?
Great video. How can I opt out of using passkeys and return to username, password, and my YubiKey until some of the bugs with passkeys have been worked out?
You can remove any of the passkeys you setup in the same menu where you created them. Alternatively, when you are prompted to login, you can choose another method to authenticate yourself.
Hi! Good one. Passkeys are awesome but what to do with the password after enabling passkeys? With Microsoft accounts I can remove the password from my account completely, but most services do not support or offer this. As I see it the password is still a back door to the account in question. Less so if MFA is active in the account but still. I could auto generate a very complex password and never use it which reduces risk but it’s still a problem if a data breach happens on the server side. They could then phish me with a clever message about my password and trick you into using those credentials and second factor to log in.
You're spot on with the approach. Use a unique password + MFA (which is what the passkeys replace anyway). Given you never use it and it's unique, it will help protect against account takeovers. There is always the risk of a data breach on the server side but that's a different threat. For most apps, they should be storing your password in a way that the hackers won't be able to do anything with it. If you get a phishing email urging you to login, I would always revert to your passkeys.
Waoowh super amazing very effective and informative video thanks you for sharing useful video because of your vlog tutorial I got some knowledge from you about passkey
I can't get this to work on my iPhone12 with IOS 17.3.1. Also, I don't think an iPhone12 uses fingerprints. Each time, it directs me to settings, and then no matter what I choose, it says "Something went wrong." The instructions from Google do not at all match what is in the IOS 17.3.1 menu. I have never been this frustrated with Google.
I bought a new phone and one of the apps I was using Passkey for on the old phone will not work on the new phone...pops up and says "No passkeys available There aren't any passkeys for the __________________ (app login)...I have have created a passkey in the new phone, cant get it connected t the the app?
I'm running a project on laravel and I need that passkey for authentication by email, but the problem is that my device is maCos Big Sur so always I try to create passkey, I get error message chrome(I can't create passkey with my device) so I'm going to ask if I create by my phone, laravel will accept or no?
Is the passkey device Specific? - or if I have a computer and phone will it merge across devices? Also does the passkey eliminate or delete my PASSWORD? AND what if you have 2-3 Google accounts like I do? I have a job gmail, a Google gmail, and another Goog gmail?
You can set it up for multiple accounts, no issues there! You can have both the password and the passkey at the same time. You can set it up just for a specific device or use a password manager like 1Password and it will work across devices.
Why on earth would i want to use this when i am on pc that has no webcam or finger scanner as i don't want them. An fact google keep trying to get me to set one up just to log into UA-cam is all a fail due to what i ready said.
This is just related to if you are using a security hardware key (like a Yubikey). It's just a backup to your passkey. It's not required, just something I recommend.
Hi Jason, what if you are asked to setup an icloud keychain? have you seen this while setting a passkey on a mac? I am asking because on this video you are not getting this prompt.
First of all, they are not in wide use, by sites, etc. Therefore we will have a mix which could just confuse things. Second, to be secure, one should use different user IDs, when allowed. So, we need to have somewhere to store them, like a password manager. Then, you might as well pick up the password, at the same time.
Websites will prompt when they support it, so I don't think there will be a large amount of confusion. For Google, you can configure it to use the passkey ahead of other options which makes it even easier. The good news is that many password managers are working on integrating support for passkeys too.
No doubt. I think adoption will grow over time though and we'll see major apps implement it. We'll never get to 100% but if we can get the critical apps we use then we'll be better off.
@@teachmecyber I'm confused as to how passkeys work. I don't own a smart phone and probably never will so if i'm using my Google account on my laptop and want to create a passkey for my Google account can i do it with say just my thumb print and it'll work that way and i'll be able to log in using my thumb print on my laptop without a smart phone or are users now required to own a smart phone in order to ever access their Google account again in their lifetime?
I really liked this video. However i was wondering why is it that even after i have setup a passkey for my Pixel 6A EACH and EVERYTIME i login to my Google account on my PC it prompts to me to scan a QR code? If i dont scan this code then it won't allow me to sign in. This happens wether i use brave browser or Chrome. I thought once i have a passkey setup on my phone and go through the process then i shouldn't have to scan a QR code again. On my phone though i do use a password to unlock my phone. Would this have anything to do with why everytime i login to my account on my PC using my phone that i get the QR code prompt? Any and i do mean any assistance with this wouldn't be greatly appreciated!!!
@@teachmecyber yes I do see the registered passkey in my Google account that is tied to my Pixel 6A. I just checked my account again to be sure. Is there a way to delete the passkey and try to create a new one? Do you think this would help getting out of this loop?
It's worth a shot to delete the passkey and start over. You can delete existing passkeys in Google, just go to the same page that you set the passkeys up on and then you can delete from there.
Thank you for trying to help me with this. Google finally fixed it so now those issues have been resolved. All I do now is just sign in and select the passkey option and then once the drop down section comes on my PC about which device I then just select my pixel and then it signs me in without scanning the QR code again.
A few options here with varying degrees of security (starting with more secure and going to less secure): 1. Use a hardware key as a backup. Something like a yubikey that you securely store. 2. Google has the option to sync that passkey across Android devices, so if you lose the device you will be okay. 3. Use a third party like 1password to securely store the passkey
@@teachmecyber so if I have only one device and i use it for everything, I'm screwed if I lose it. No thanks, no passkey for me. Seems a flawed process.
This is so confusing. I am the sole User of my PC (Win11). I use Yubikey to login to my email (not a Google email) - I plug my Key in, go to my email login, choose Security Key, put in my PIN, touch my Key and I'm in. One day, I go to login like normal and encounter a different login process where I choose Security Key and get a different popup that wants me to turn on bluetooth - so I turn it on, and THEN I get a popup with a QR Code that it wants me to scan 🤬 So now I have to figure out how to get my Camera to scan it, still unsure as to whether I can still use my Yubikey (which I have as 2fa already) afterward. So I'm back to using password and SMS 2fa until I can figure this out, find a tutorial, or something. I don't want to lose access to my email because I inadvertently set something up that made my email so secure that even I can't access it after I've scanned the QR Code. I'm confused and frustrated - I can't find any tutorial on this that relates to PC users or the email I use🤬
I haven't heard of anything quite like this. I would recommend you verify the MFA methods you have configured first. The QR code should only be for the mobile authenticator app. Then you can set up your Yubikey, a supported device (e.g. your phone or laptop), and an authenticator app as backup.
@@teachmecyber Thank you for your reply :) After asking around, I found out what had happened was that the normal menu drop - downs had been reconfigured to show the Mobile Authentication as the Default, and the physical Security Key option had been buried in another dropdown layer and how to get to it wasn't real obvious. I'm good now, but yeah it took some digging, lol
completely confused why don't they just have a button to click that dose it all for you computers are supposed to make things easy not baffling i will stick to pass words much easier
@@teachmecyber Ok, the more we Gen Xers (my friends & I, anyway) dig into this, the deeper down the rabbit hole we end up…1) If we have non-Mac PCs, use Microsoft, Powerpoint & Adobe for some things, have Chrome browser (?) and Google accounts that we use interchangeably between these laptops and our (Apple / Safari) iPhone, iPad, iPod… WHICH passkey system / program / (?) [Apple, Google, MS?] do we use / start with? 2) Do they all cover the same accounts, overlap? 3) Is it best to delete all of the saved passwords from our devices and set these up from one device to cleanly sync to the others? Something visual - pictograph / chart would be so helpful. If we’re in your target audience, this would be a great video. I’m going to resurrect writing under my real name again, but if there’s a video in the meantime, I will share it through both my personal and teacher-author alias networks. I know I’m asking a LOT. 😉 Thank you for considering this!
I'm thinking about creating a 1 pager that covers best practices. Is that something you think would be valuable? There's two ways to answer your first question: Most Secure: You would create a passkey for every device you want to use to authenticate. This is more work but it keeps the passkey tied to a specific device. More Convenient (still secure if you take the right steps): You can use 1Password to create your passkey. The passkey is stored in 1Password and can be used anywhere you have 1Password installed. You just want to make sure that you're protecting access to 1Password as best as you can (I have a video on that). For your second question, you need to set up a passkey for each website. It's a 1:1. And for your third question, you'll want to keep your passwords for now as a backup just in case something happens where you can't log in. You want to make sure those passwords are unique and never reused.
You know what I don't want. Insecure crap that makes logging in harder than in it needs to be. A password is sufficient. How are you even supposed to log in when you lose the device that has the passkey stored on it?
Passkeys make it easier to log in and it's more secure than passwords when protecting against phishing attacks. For Google passkeys, they will sync across Android devices. You can also use a third party to manage your passkeys, like 1Password.
Great video. Thank you.
What I don't understand...are you required to use some kind of a USB key to be able to create a passkey? And does each device require its own passkey?
Of course they are easy when someone walks you through one-and-only-one mode of execution. But how do I explain the entire concept to someone who has a Doctorate in pharmacy? I'll go watch that other vid you made and see if it has some answers. I do thank you for this video, too.
Great Video!!
Thanks!
thank you so much!! this really helped.
I hardly ever use my phone for Google anything. My desktop and Chromebook are my usual go-to email devices, but neither has face recognition or fingerprint scanning. So what do passkeys actually bring, assuming I'd have to use a password on those devices anyway?
Yes. Thank you!
Thanks for that feedback!
My Google Account still saves my password, so I could still sign in with my password if necessary. I thought passkeys enhance security because they are useless if somehow they are stolen, which is of-course not the case with passwords.
My question is how do passkeys enhance security, given that passwords can still be used to sign in, as is the case with my Google account?
Great video. How can I opt out of using passkeys and return to username, password, and my YubiKey until some of the bugs with passkeys have been worked out?
You can remove any of the passkeys you setup in the same menu where you created them. Alternatively, when you are prompted to login, you can choose another method to authenticate yourself.
Hi! Good one. Passkeys are awesome but what to do with the password after enabling passkeys? With Microsoft accounts I can remove the password from my account completely, but most services do not support or offer this. As I see it the password is still a back door to the account in question. Less so if MFA is active in the account but still. I could auto generate a very complex password and never use it which reduces risk but it’s still a problem if a data breach happens on the server side. They could then phish me with a clever message about my password and trick you into using those credentials and second factor to log in.
You're spot on with the approach. Use a unique password + MFA (which is what the passkeys replace anyway). Given you never use it and it's unique, it will help protect against account takeovers.
There is always the risk of a data breach on the server side but that's a different threat. For most apps, they should be storing your password in a way that the hackers won't be able to do anything with it.
If you get a phishing email urging you to login, I would always revert to your passkeys.
So let's say if I format my phone completely then what happens?
Waoowh super amazing very effective and informative video thanks you for sharing useful video because of your vlog tutorial I got some knowledge from you about passkey
Glad it was helpful!
I can't get this to work on my iPhone12 with IOS 17.3.1. Also, I don't think an iPhone12 uses fingerprints. Each time, it directs me to settings, and then no matter what I choose, it says "Something went wrong." The instructions from Google do not at all match what is in the IOS 17.3.1 menu. I have never been this frustrated with Google.
I bought a new phone and one of the apps I was using Passkey for on the old phone will not work on the new phone...pops up and says "No passkeys available There aren't any passkeys for the __________________ (app login)...I have have created a passkey in the new phone, cant get it connected t the the app?
I'm running a project on laravel and I need that passkey for authentication by email, but the problem is that my device is maCos Big Sur so always I try to create passkey, I get error message chrome(I can't create passkey with my device) so I'm going to ask if I create by my phone, laravel will accept or no?
Is the passkey device Specific? - or if I have a computer and phone will it merge across devices? Also does the passkey eliminate or delete my PASSWORD? AND what if you have 2-3 Google accounts like I do? I have a job gmail, a Google gmail, and another Goog gmail?
You can set it up for multiple accounts, no issues there! You can have both the password and the passkey at the same time. You can set it up just for a specific device or use a password manager like 1Password and it will work across devices.
Google won’t let me set up Passkey on my IPhone 14 with iOS 17.4.1. Why not just say Google passkeys are only available on android.
Why on earth would i want to use this when i am on pc that has no webcam or finger scanner as i don't want them.
An fact google keep trying to get me to set one up just to log into UA-cam is all a fail due to what i ready said.
I like it
Thanks for watching!
Please i need your help on how i can set up passkey on my binance
Best
I'll give it a miss for now but well presented video.
Thanks, it's easy to set up and use so I would encourage you to set it up even if you don't use it all that often.
Could you please send a link to setting up a passkey? Thank you
Here's a link: support.google.com/accounts/answer/13548313?hl=en
Would a written guide like this be useful in the future paired with the video?
what are we plugging in the computer????? im confused
This is just related to if you are using a security hardware key (like a Yubikey). It's just a backup to your passkey. It's not required, just something I recommend.
Hi Jason, what if you are asked to setup an icloud keychain? have you seen this while setting a passkey on a mac? I am asking because on this video you are not getting this prompt.
Yes, you can store it on the iCloud keychain of you want. I have it set up differently so it doesn't prompt for that
@@teachmecyber how can I do that? what's your setup can you say? I don't like the icloud kechain thing.
How to do without Google ? Why does having a pass key or youbi key required ?
Are you really asking why you need a passkey to use passkeys?
First of all, they are not in wide use, by sites, etc. Therefore we will have a mix which could just confuse things. Second, to be secure, one should use different user IDs, when allowed. So, we need to have somewhere to store them, like a password manager. Then, you might as well pick up the password, at the same time.
Websites will prompt when they support it, so I don't think there will be a large amount of confusion. For Google, you can configure it to use the passkey ahead of other options which makes it even easier.
The good news is that many password managers are working on integrating support for passkeys too.
@@teachmecyber And there will be many, many that never accept passkeys.
No doubt. I think adoption will grow over time though and we'll see major apps implement it. We'll never get to 100% but if we can get the critical apps we use then we'll be better off.
@@teachmecyber I'm confused as to how passkeys work. I don't own a smart phone and probably never will so if i'm using my Google account on my laptop and want to create a passkey for my Google account can i do it with say just my thumb print and it'll work that way and i'll be able to log in using my thumb print on my laptop without a smart phone or are users now required to own a smart phone in order to ever access their Google account again in their lifetime?
I really liked this video. However i was wondering why is it that even after i have setup a passkey for my Pixel 6A EACH and EVERYTIME i login to my Google account on my PC it prompts to me to scan a QR code? If i dont scan this code then it won't allow me to sign in. This happens wether i use brave browser or Chrome. I thought once i have a passkey setup on my phone and go through the process then i shouldn't have to scan a QR code again. On my phone though i do use a password to unlock my phone. Would this have anything to do with why everytime i login to my account on my PC using my phone that i get the QR code prompt? Any and i do mean any assistance with this wouldn't be greatly appreciated!!!
It's possible it isn't getting set up right and just forcing you into a loop to register again. Are you seeing the registered passkeys in Google?
@@teachmecyber yes I do see the registered passkey in my Google account that is tied to my Pixel 6A. I just checked my account again to be sure. Is there a way to delete the passkey and try to create a new one? Do you think this would help getting out of this loop?
It's worth a shot to delete the passkey and start over. You can delete existing passkeys in Google, just go to the same page that you set the passkeys up on and then you can delete from there.
Thank you for trying to help me with this. Google finally fixed it so now those issues have been resolved. All I do now is just sign in and select the passkey option and then once the drop down section comes on my PC about which device I then just select my pixel and then it signs me in without scanning the QR code again.
Glad to hear it's working now!
Set up new account
What happens if I lose my device? How do I get into my accounts?
A few options here with varying degrees of security (starting with more secure and going to less secure):
1. Use a hardware key as a backup. Something like a yubikey that you securely store.
2. Google has the option to sync that passkey across Android devices, so if you lose the device you will be okay.
3. Use a third party like 1password to securely store the passkey
@@teachmecyber so if I have only one device and i use it for everything, I'm screwed if I lose it.
No thanks, no passkey for me. Seems a flawed process.
@teachmecyber can you store passkey in Bitwarden?
Sorry it has changed since you did this video?
Should all be the same! Let me know if something is different
This is so confusing.
I am the sole User of my PC (Win11).
I use Yubikey to login to my email (not a Google email) - I plug my Key in, go to my email login, choose Security Key, put in my PIN, touch my Key and I'm in.
One day, I go to login like normal and encounter a different login process where I choose Security Key and get a different popup that wants me to turn on bluetooth - so I turn it on, and THEN I get a popup with a QR Code that it wants me to scan 🤬
So now I have to figure out how to get my Camera to scan it, still unsure as to whether I can still use my Yubikey (which I have as 2fa already) afterward.
So I'm back to using password and SMS 2fa until I can figure this out, find a tutorial, or something.
I don't want to lose access to my email because I inadvertently set something up that made my email so secure that even I can't access it after I've scanned the QR Code.
I'm confused and frustrated - I can't find any tutorial on this that relates to PC users or the email I use🤬
I haven't heard of anything quite like this. I would recommend you verify the MFA methods you have configured first. The QR code should only be for the mobile authenticator app.
Then you can set up your Yubikey, a supported device (e.g. your phone or laptop), and an authenticator app as backup.
@@teachmecyber Thank you for your reply :)
After asking around, I found out what had happened was that the normal menu drop - downs had been reconfigured to show the Mobile Authentication as the Default, and the physical Security Key option had been buried in another dropdown layer and how to get to it wasn't real obvious.
I'm good now, but yeah it took some digging, lol
Glad to hear you got it figured out!
completely confused why don't they just have a button to click that dose it all for you computers are supposed to make things easy not baffling i will stick to pass words much easier
1Password and Bitwarden have passkey support now, so you can use a passkey on all devices. Check out the videos I created on those.
I miss the 80s. 🤦🏼♀️
🤣🤣🤣 what was your favorite thing!?
@@teachmecyber What wasn’t?! 😂 I’ve been in password h*** for at least a decade!
😂😂😂
@@teachmecyber Ok, the more we Gen Xers (my friends & I, anyway) dig into this, the deeper down the rabbit hole we end up…1) If we have non-Mac PCs, use Microsoft, Powerpoint & Adobe for some things, have Chrome browser (?) and Google accounts that we use interchangeably between these laptops and our (Apple / Safari) iPhone, iPad, iPod… WHICH passkey system / program / (?) [Apple, Google, MS?] do we use / start with? 2) Do they all cover the same accounts, overlap? 3) Is it best to delete all of the saved passwords from our devices and set these up from one device to cleanly sync to the others?
Something visual - pictograph / chart would be so helpful.
If we’re in your target audience, this would be a great video. I’m going to resurrect writing under my real name again, but if there’s a video in the meantime, I will share it through both my personal and teacher-author alias networks. I know I’m asking a LOT. 😉
Thank you for considering this!
I'm thinking about creating a 1 pager that covers best practices. Is that something you think would be valuable?
There's two ways to answer your first question:
Most Secure: You would create a passkey for every device you want to use to authenticate. This is more work but it keeps the passkey tied to a specific device.
More Convenient (still secure if you take the right steps): You can use 1Password to create your passkey. The passkey is stored in 1Password and can be used anywhere you have 1Password installed. You just want to make sure that you're protecting access to 1Password as best as you can (I have a video on that).
For your second question, you need to set up a passkey for each website. It's a 1:1.
And for your third question, you'll want to keep your passwords for now as a backup just in case something happens where you can't log in. You want to make sure those passwords are unique and never reused.
You know what I don't want. Insecure crap that makes logging in harder than in it needs to be.
A password is sufficient. How are you even supposed to log in when you lose the device that has the passkey stored on it?
Passkeys make it easier to log in and it's more secure than passwords when protecting against phishing attacks. For Google passkeys, they will sync across Android devices. You can also use a third party to manage your passkeys, like 1Password.
@@teachmecyber The best thing to avoid phishing attacks is to use one's brain before clicking on something.
That beard of yours is very distracting.
The beard is life
this shit does not work
What issues are you running into?
Great Video!!
Thanks for watching, hope it was helpful for you!
Hello
Please I will need your help on how I can solution. Set up ..passkey
Please i need your help on how i can set up passkey on my binance
Same here
I just can't it to work for me.