Tying a password to a browser or device isn’t going to make it any easier.
Use a password manager and set unique string passwords for everything.
If the app supports it, use FIDO physical keys instead of Passkeys
… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.
What options are there for migrating passkeys to a new device?
Easy to lock you into that iPhone and you must use their migration tool when you upgrade. Or I just carry it on my keychain, no vendor lock in.
3rd party password managers are already adding passkey support. Passkeys isn’t an Apple only security technology. FIDO has its place but passkeys is the future for most people like it or not.
Do I need a subscription service for this passkey supported password manager?
Or I can just buy a hardware key that can be used on my phone or any device, password manager supported or not.
Seems like the freedom and portability of a physical key, like a key to your home or car makes a ton of sense.
Passkeys are based on and supported by the FIDO alliance.
You don’t need a subscription as you well know since you know what they’re based on. And I meant FIDO physical keys as you were alluding to. Why would I ever want another device to use with a device that already has biometric auth? That last a barrier of entry that’s too high for most people.
Passkeys. They’re amazing.
Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys
… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.
What options are there for migrating passkeys to a new device? Easy to lock you into that iPhone and you must use their migration tool when you upgrade. Or I just carry it on my keychain, no vendor lock in.
3rd party password managers are already adding passkey support. Passkeys isn’t an Apple only security technology. FIDO has its place but passkeys is the future for most people like it or not.
Do I need a subscription service for this passkey supported password manager? Or I can just buy a hardware key that can be used on my phone or any device, password manager supported or not. Seems like the freedom and portability of a physical key, like a key to your home or car makes a ton of sense.
Passkeys are based on and supported by the FIDO alliance.
https://fidoalliance.org/passkeys/
You don’t need a subscription as you well know since you know what they’re based on. And I meant FIDO physical keys as you were alluding to. Why would I ever want another device to use with a device that already has biometric auth? That last a barrier of entry that’s too high for most people.
Passkeys are a replacement for passwords, not a second factor like requiring a physical key.
Why would I reduce the number of factors and also entrust what should be something I know to a vulnerable key store.
https://www.bleepingcomputer.com/news/security/new-tpm-20-flaws-could-let-hackers-steal-cryptographic-keys/
Until you realize Apple allows the iPhone to airdrop them. Ugh.