You need to make sure you have backup OTP codes or or some other method of resetting your keys. Email/Phone/Etc is often used for that.
On Fri, Oct 10, 2025 at 6:55 PM _ Winterlight <[email protected]> wrote: > Thanks Chris....So what happens if you loose the USB key... ot you want to > log into multiple devices simutainiouly...you go back to a password? > Suppose you are using enryption and you loose the key are you permentaly > locked out? The reason keys have been slow to be accepted is because nobody > understands them and users feel uncomfortable using them > ________________________________ > From: Hardware <[email protected]> on behalf of > Christopher Fisk <[email protected]> > Sent: Thursday, October 9, 2025 7:46 AM > To: [email protected] <[email protected]> > Subject: Re: [H] Passkeys and login security? > > Passkeys are a type of Multi-factor Authentication. MFA as you know is: > > - > > Something you know - Like a password, or a memorized PIN. > - > > Something you have - Like a smartphone, or a secure USB key. > - > > Something you are - Like a fingerprint, or facial recognition. > > Passkeys allow you to setup your smartphone or computer as a "Something you > have". In this case, the computer itself. > Unlocking your account with a password or a pin is a "Something you know", > and using faceid or similar is the "Something you are" part. > > With google passkey, you're just moving the "Something you have" from your > smartphone's Authenticator App, to your computer's physical hardware. This > is why you should never create a passkey on a computer you don't own. Even > if you log out of a computer, that passkey will stay on that computer and > can be used to access your account. > > > On Thu, Oct 9, 2025 at 12:03 AM _ Winterlight <[email protected]> > wrote: > > > I am just as confused as you are. I bought a google passkey to use with > my > > Chromebook but I have the same concerns you articulated. Any article I > read > > about this they don't really explain it in depth. It is as if they think > > everybody has a laptop and a phone and that's it. And If someone gets > ahold > > of your passkey does that mean they have access to any of your devicses. > > How secrure it that! > > ________________________________ > > From: Hardware <[email protected]> on behalf of > > Bino Gopal <[email protected]> > > Sent: Monday, September 29, 2025 10:54 AM > > To: [email protected] <[email protected]> > > Subject: [H] Passkeys and login security? > > > > So I've been getting prompts for passkeys for a while now, and finally > > gave in and set up a couple and stored them in 1Password... > > > > Question is tho, has anyone found a way to set up one passkey that syncs > > across all your devices, as normally it's device dependent? > > > > Also, what about when you want to log in to an account for a new > computer, > > or a friend's computer, or a friend's phone, or a public terminal or when > > you're traveling...? You still need the password in that case-if you're > > not using your own mobile device, no? So it's not like you can turn > > password access off unless you assume you'll never need to do that, no? > > > > And I still have MFA set up on those accounts, so how is it any better to > > use passkeys, especially if I use an app-and not SMS/email for the MFA? > > > > Isn't password with MFA (especially if I need a physical Yubikey for > > access) better than even passkeys and more useable in more instances? > > > > Thoughts? > > > > > > BINO > > >
