PassKeys: thanks, but no thanks… yet


PassKeys are already here. What are they? Well, let's summarize it a bit: their aim is for us to forget about passwords, so that we can sign in to any service using biometric data and linked devices. That way we can never forget a password, nor can it be stolen from us, simply because it starts with us and does not exist as such. They are already available in iOS 16 and will soon be in Android 14, of which the public beta has already been launched, and now it's up to the services to step up and start implementing them.

Like it or not, PassKeys are the future. With Apple, Google and Microsoft behind them, a path has begun from which there is no turning back. But that is what it is: the future, not the present at all. And, as is sadly usual, even less so for Linux users. As Google explains, in order to create a PassKey and access a service with it, you need a computer with Windows 10 or macOS Ventura, a mobile phone with iOS 16 or Android 9, or a hardware security key that supports the FIDO2 protocol.

PassKeys Compatible Browsers

In addition, the computer must have a compatible browser installed, and Google says these are Chrome 109 or higher, Safari 16 or higher, and Edge 109 or higher. As for other Chromium-based browsers, it does not say, but I would dare to say that they all qualify since v109. Firefox is not mentioned, but it is listed on the official website passkeys.dev, although support is not complete.

As for Linux users, right now only Ubuntu is mentioned, through Edge or Chrome, and it is also necessary to have the computer connected to a compatible key. Regarding this, Linux users know perfectly well that wherever Linux is referred to, the name Ubuntu usually appears, as if it were the only operating system based on the Torvalds kernel. What can be done with one distro can usually be done with another, but it is worth treading carefully.

Lights and shadows in 2023, fewer shadows in a few years

With less than a year of life, and with so few services using them, my recommendation right now is that we forget about these PassKeys for a while. Why? Simple, you have to think about what could happen: if we only have one compatible phone, we create a PassKey and we lose the phone, goodbye to everything. If we use Linux, like most of our readers, we have to depend on the key, and if we lose it... nothing at all; inaccessible account.

When will they be the best option? In a future where we have multiple compatible devices. Not one, not two; practically all of them. Or all of them, outright, to save us from any incident.

What can happen

For example, right now I have the laptop I'm writing this article on, a tablet, a mobile phone and another older laptop nearby. Neither of the laptops can create PassKeys, so I would have to rely on the phone and the tablet, or on the key. To me, who likes to play it safe, two compatible devices do not seem enough. In fact, for important documents, it is said that we should keep a copy on at least three devices/disks/drives. Besides, without the key I can't access anything from the laptops.

Suppose, in the same example, that my laptop has a fingerprint or face reader, or that I have a key that supports FIDO2, and it is already compatible with PassKeys. In that case, with three out of four, and given the low probability that all three devices will break or be lost, it may already be a good idea. Of course, this leaves aside the debate over whether it is good for them to control so much of our biometric data, a debate that has been in the foreground for almost 10 years, since Apple popularized fingerprint readers with the iPhone 5s.

And be careful with sharing a device linked to the PassKeys

Another point to keep in mind is that, in the same way that someone with our PIN can see our WhatsApp conversations, that person could also access any service in which we are registered, since the PassKey is saved on the device. For me it would not be a problem, because my devices are touched by me and only me, but it can cause headaches for those who usually share their devices.

Google says:

Important: By creating an access key, you agree to a passwordless login experience. Create passcodes only on personal devices you control. Even if you sign out of your Google Account, once you've created a passkey on a device, anyone who can unlock the device can sign back into your Google Account with the passkey.

All this will probably improve even more in the future, but for now the news is simply that they have started to become available, nothing more. I think they need at least 5 years to become standard, and at the moment I just think that I don't know what to think. Or yes: thanks, but no thanks... yet.



  1.   Miguel Rodriguez said

    And God forbid, if someone has an accident and loses a limb that is read as biometric data or their face is slightly deformed due to injuries, then?