Passkeys are great, careful of the lock-in

People suck at passwords; just look at haveibeenpwned. Yet passwords have been with us for a very long time and still serve a very important purpose today.

Just look at the truly misguided attempts to replace them with “magic link” logins. You know the ones. Enter your email address, then they email you a code or link every time you want to log in. Please, never do this; it’s incredibly user-hostile even if it makes your app “safer” (?). It’ll make you yearn for passwords again.

Passkeys are the answer?

Along came passkeys. A cool idea that quickly turned evil.

How do cryptographic blobs that can’t be faked or brute-forced become evil? When tech giants leverage a good idea to further lock you into their platforms. Just do a quick Face ID and you’re in – as long as you’re on your Apple device. Or that handy Windows Hello that keeps your passkeys synced – across your Windows machines.

So I’ve been against them pretty much from the start when I saw them going this way.

Password managers (third-party!) to the rescue

However, the tides are turning back to openness and to choice, and that’s awesome. Many of the solid password managers now support passkeys [1, 2]. This means you get your no-hassle cryptographic login (often without 2FA or device-login SMSes), but you skip the lock-in.

I’m a 1Password user and I found that 36 of my logins supported passkeys (check here). Just visit Watchtower and click on Passkeys. After a few hours, I had them all created and registered, so no more accounts need attention.

Give it a try

So give it a try. And if you’re not using a password manager, stop right now and go get one (I recommend 1Password and Bitwarden). Then add some passkeys to your accounts that support them and save them in your password manager.

Follow up polls

After some back and forth with folks online, I realized it would be worthwhile to run a couple of polls to see what others think and what they are doing for their logins.

Here’s the result of asking a bunch of Python enthusiasts on Twitter and Mastodon:

Cheers, Michael