More than two years ago, passkeys arrived with a clear promise: to solve the long-standing problem of insecure, annoying passwords.
Two years after their rollout began, that promise remains unfulfilled. Ars Technica highlights this in a wonderful analysis that expands on what we have been saying for some time.
The technology they are based on is quite convincing on paper. They use public-private key cryptography to authenticate users. Furthermore, a passkey cannot be stolen and is immune to phishing. The process was supposed to be as simple as unlocking a cell phone with your fingerprint. It should be the future.
But the implementation is a disaster.
Apple, Google and Microsoft have turned what should be a simple standard into a battle for user control. Each platform pushes its own synchronization solution. The interfaces are inconsistent. Portability between platforms is very complicated. And the setup dialogs are confusing and repetitive.
A Windows user who sets up a passkey in Chrome will never be able to use it on their iPhone. Someone using Firefox on a Mac will find that their passkey is tied to that specific browser. The official solution (scanning QR codes between devices) is cumbersome and not entirely reliable.
The idea behind passkeys was to transcend passwords, but at the moment they are only an alternative that coexists with them. An extra, not a replacement. Fallback methods (an SMS, an email) are still less secure, so more vulnerable options remain available to anyone who wants to attack us.
Some password managers already offer a partial solution by synchronizing passkeys between platforms, but again, this chains us even more to passwords. And few users use a manager.
Passkeys continue to be a good bet for a future without passwords, but as long as big technology companies keep putting their competitiveness first, which translates into walled gardens, a coherent and simple user experience that truly convinces will not arrive. Technologically it is possible, but it requires a real will to implement it.
In the meantime, I continue to use traditional passwords, different for each site, stored in a manager and with two-step authentication activated wherever available. It is the most practical. At least for now.
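The claim above that a passkey "is immune to phishing" comes from the signature being bound to the site's origin. The following is an added example, not code from the article or from any vendor: a simplified WebAuthn-style login in Node.js in which the names `bank.example` and `bank.example.login.test` are constructed, the relying-party ID is assumed to equal the origin's hostname, and the authenticator data is reduced to the rpId hash.

```javascript
// Added illustration: a simplified WebAuthn-style login, not the full specification.
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();
// Authenticator: one private key per site (rpId); the key never leaves it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // P-256
    this.keys.set(rpId, privateKey);
    return publicKey; // the server stores only this
  }
  // `origin` comes from the browser, not the page. Assumption: rpId is the exact hostname.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no credential scoped to this site
    const clientData = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
    const authData = sha256(rpId); // real authenticator data also carries flags and a counter
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { clientData, authData, signature: crypto.sign("sha256", signed, privateKey) };
  }
}

// Relying party: accepts only a fresh challenge signed for its own origin.
function verifyAssertion(site, assertion, expectedChallenge) {
  if (!assertion) return false;
  const client = JSON.parse(assertion.clientData.toString());
  if (client.challenge !== expectedChallenge) return false; // replayed response
  if (client.origin !== site.origin) return false; // signed for another site
  if (!assertion.authData.equals(sha256(site.rpId))) return false;
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return crypto.verify("sha256", signed, site.publicKey, assertion.signature);
}

function demo() {
  const device = new Authenticator();
  const site = { rpId: "bank.example", origin: "https://bank.example" }; // constructed names
  site.publicKey = device.register(site.rpId);
  const fresh = () => crypto.randomBytes(32).toString("base64url");
  const challenge = fresh();
  const genuine = device.sign(site.origin, challenge);
  const lookalike = device.sign("https://bank.example.login.test", challenge);
  return {
    genuine: verifyAssertion(site, genuine, challenge),
    lookalike: verifyAssertion(site, lookalike, challenge),
    replayed: verifyAssertion(site, genuine, fresh()),
  };
}
console.log(demo());
```

Only the genuine login verifies: the look-alike origin has no credential to sign with, and a captured response fails against the next challenge. The SMS and email fallbacks mentioned above have no such binding.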