Thanks for the engagement and sharing your thoughts!

*@udhay* I agree the communication problem is real. Given the scope and ambition of passkeys, various questions like *"What are they", "How do I use them", "What do they give me", "How do they work under the hood", "I already use security keys; how are these any better"* all need to be answered, and at different levels for different cohorts of users. But yes, definitely no one should have to hear about or understand PKI to understand what passkeys can do for them.
But allow me to push back on one of your assertions:

*Udhay*
> *From a purely operational (and not theoretical) perspective, passkeys are multiple things. They are credentials that live either in your password manager (in which case they are portable) or in your phone, or perhaps your FIDO2 key (in which cases they are not).*

From a purely operational perspective, how is that different from saying "*passwords are multiple things because you can save it to Apple Notes **or commit it to memory** (in which cases they are portable), or write it down in a physical notebook (in which case they are not)?"*

A passkey is just a credential. And users have agency over where to store them; they can be stored on general purpose computing devices (phones, tablets, laptops, desktops), or on special purpose devices (security keys). Where you choose to store the passkey bestows additional security and usability properties, just like having your password committed to memory, written down in a notebook in your house, or saved away in a bank deposit box allow different affordances but don't change what a password actually is.

Specifically on the PIN/Fingerprint confusion, I've found the following variant works with a less technical audience. WDYT?

*Once you save a passkey for your Amazon or Google account (say) to your iPhone, subsequently signing in to that account on that phone will be much easier, and basically happens in two steps; (a) you prove that you are the phone's owner - by demonstrating you can unlock the phone using your PIN or Face ID, and then (b) the phone's OS will securely sign you into your Amazon/Google account using the passkey on the phone. What's more, once you save a passkey to your iPhone, it will be shared with all your other Apple devices automatically, and signing in to that Google account works again in those two easy steps. This saves you from having to create or remember wonky passwords for every site you have an account on.*

*@martin* thanks for sharing your experience and circumstances. At this stage of the technology some important end user usability details are dependent on platform-specific implementation details. Among the major operating systems, Windows' passkeys support is lagging along many dimensions. I'm told things should get better in the next 18-24 months. If you could, and haven't already, I'd recommend you to upgrade to Windows 11. It is my belief that once we're through this initial phase, passkeys will work especially well for users with challenges like you mention in your note. Imagine a world where you don't need to memorize or type in crazy combinations of letters and weird characters anywhere online, but just invoke a passkey the same way you unlock your personal devices tens of times every day already.

*@timbray* That's a good article; thanks for sharing. Some of the challenges outlined there are real (inconsistencies in UI/UX, multiple systems "wanting to help" etc). The only minor push back I have is that the author uses the (admittedly poor) passkey experience from his niche security-savvy setup to conclude the tech is too confusing for regular users. Everyday users of the internet don't use 1Password, or buy Yubikeys. Security keys are great, but they're a niche. Passkeys, OTOH, have achieved multiple orders of magnitude more adoption in less than an order of magnitude of time.

Oh, I would also recommend this two-part series from the EFF. It's almost 2 years old now, but is objective, tightly composed, and essentially correct.

Part 1: https://www.eff.org/deeplinks/2023/10/what-passkey
Part 2: https://www.eff.org/deeplinks/2023/10/passkeys-and-privacy

*@charles* Yay. Go passkeys!

*@peter* Have a read of the links shared in this thread, and also the support documentation of top web services you may be using. Amazon, Google, Intuit, PayPal, WhatsApp, and many more all have good support. Also happy to directly answer any questions you have.
-Karra

On Tue, Jul 29, 2025 at 11:44 PM Sriram Karra <[email protected]> wrote:

> (resending to the "right" list address)
>
> In my day job I work on supporting passkeys as a way to access online services. Passkeys are designed as an easier and more secure alternative to passwords. They have been around for a few years now and I hope many of you have encountered them in the wild.
>
> Passkeys are intended to be usable by nearly everyone online. And I like to ask my networks about their experiences, as an unscientific dipstick measure of common perception.
>
> So dear Silk listers, I'm curious to hear *your personal* experiences with, and your original thoughts about, this new tech. It could be either from your own online journeys, or while acting as tech support for your family and friends.
>
> -Karra
-- Silklist mailing list [email protected] https://mailman.panix.com/listinfo.cgi/silklist
