My first big problem is that the explanations of what passkeys actually are were hopelessly inadequate: Vague and arm-wavey and full of marketing hype. I have a reasonably good understanding of asymmetric crypto and after looking for an explanation of what was actually being signed and who was signing it and finding nothing useful, I gave up.
Eventually I found https://systemsapproach.org/2024/10/14/can-passkeys-replace-passwords/ and I think it’s a very good explanation to the realities of passkeys. There is exactly one site so far which managed to get a passkey working on my Mac so that Touch ID gets me in. -T On Jul 30, 2025 at 7:12:47 AM, Peter Griffin via Silklist < [email protected]> wrote: > 👍 > > peter reacted via Gmail > <https://www.google.com/gmail/about/?utm_source=gmail-in-product&utm_medium=et&utm_campaign=emojireactionemail#app> > > On Wed, 30 Jul 2025, 19:29 Udhay Shankar N, <[email protected]> wrote: > >> >> On Wed, Jul 30, 2025, at 7:11 PM, Peter Griffin via Silklist wrote: >> >> Passkeys are one of those things that have felt off to me. But seeing >> this list talk about it makes me think I need to educate myself about them. >> I will go search,big course, but if you folx could recommend some basic >> reading, something a newbie can understand, I would be grateful. (Off-list, >> perhaps, since this will be old hat to the rest of the list?) >> >> >> This seems like a good enough place to start: >> https://freedom.press/digisec/blog/passkeys-beginners/ >> >> The things to remember: >> >> >> 1. Passkeys are more secure than passwords and are immune to most >> kins of phishing attacks. >> 2. You can (and should) create multiple passkeys for the same account >> - at a minimum, one for each device you use to log into that account. It's >> easy enough to revoke/delete them if you (for example) change devices. >> 3. You can (and should) store at least one passkey per account in a >> password manager such as bitwarden so you have access to it across >> devices. >> Clearly, this does not apply to the passkey you use to log into bitwarden. >> :) >> 4. I am happy to provide more detail on the phone if you want. >> >> Udhay >> >> -- >> ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) >> >> >> >> -- > Silklist mailing list > [email protected] > https://mailman.panix.com/listinfo.cgi/silklist >
-- Silklist mailing list [email protected] https://mailman.panix.com/listinfo.cgi/silklist
