Passkeys - The END of Passwords

Подписаться 320 тыс.

Просмотров 131 тыс.

50% 1

🔥 Go to bit.ly/37su9oh and use code reneritchie to get a free 100 pack of blades when you purchase your Henson Razor - Make sure you add both the 100 blade pack and the razor for the discount to apply!
Apple announced their passkey implementation at WWDC 2022 - iOS 16, iPadOS 16, macOS Ventura and iCloud Keychain. And... you know that feature that automatically fills in text message tokens for you, the one that everyone on Twitter says should get the team that made it a raise. It’s basically a meme. Yeah, passkey’s is being driven by that exact same team, with every bit as much thoughtfulness and delight. And as part of the same, familiar, auto-fill interface and experience all of us have been enjoying for a good long while already. Here's how it works!
* Google, Microsoft, and many others are also part of the FIDO Alliance and will be implementing passkeys pretty much everywhere... eventually!
🔔 SUBSCRIBE ru-vid.com?s...
🍪 Latest Apple Silicon: • Apple Silicon Deep Div...
🙏 PATREON THANK YOU!
Get access to exclusive Discord, previews, even your name in this description or credits! / reneritchie
Kyle Giglio, Sven Jasper, Aziz Rahman, Josef, Dude, Christopher Wiggins, Martin Perry, Mark Lussier, Daniel Pasco, Rod Gray, Richard Urbano, Shashank, Chad Potts, Paco Arango, Ryan Parman, John Malkin, Rick Vink, James Hillhouse, Brian Jones, ChzhdTech
🔗 LINKS
🗂 CHAPTERS
0:00 - Passkey Announcements
0:18 - Curren Password Problems
1:20 - Passkey's Promise
1:31 - Password Exploits
1:50 - Apple's Passkey Announcement
1:58 - Google's Passkey Announcement
2:11 - How Passkey Integrates with Auto-Fill
2:40 - How to Create a Passkey
3:23 - How Passkeys are Secured
5:39 - How Passkeys Sync
5:52 - How to Share a Passkey
6:04 - How Passkey Handles Multiple Accounts
6:30 - How Passkey Handles Multiple Platforms
6:44 - How Passkeys Work with Password Managers
7:17 - Passkeys and High-Level Targets
7:39 - How Passkeys Work with a Device You Don't Own
8:14 - What if You Lose Your Passkeys?
9:19 - The Future of Passkey
🚨 ETHICS & DISCLAIMER
This channel does not produce sponsored or paid reviews. Companies occasionally loan sample products to facilitate reviews but provide no payment and get no editorial input, content approval, or advanced previews. They see them for the first time when you do.
Links may contain referrals for affiliate programs that provide this channel with a tiny commission should you make a purchase. They likewise receive zero editorial input or consideration.
🍎 Some video and images courtesy of Apple Inc.
📷 Some video and imagery supplied by Getty Images and/or AP Archives
🎸 Some music supplied by Epidemic
MORE
⭐️ Nebula: nebula.app/reneritchie
🐦 Twitter: / reneritchie
📸 Instagram: / reneritchie
🌎 Web: www.reneritchie.net
🍎 Podcasts: apple.co/reneritchie
🌥 Overcast: overcast.fm/p1644160-NUVafv
👖 Pocket Cast: pca.st/reneritchie
Thanks for watching, see you next video!

Наука

Опубликовано:

27 май 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 363

@NoBody-ks3co Год назад

I secure myself by having a low credit score and being completely irrelevant and I have never once had an issue with stolen passwords.

@mbizozo6271 Год назад

Same

@captain_crunk Год назад

I take the added step of ensuring my bank account is empty.

@mushroomtits8387 Год назад

CapitalOne credit limit is $350 and I have the number I call 4 chargeback on speed-dial...Good LUCK HACKERS!!!

@lang6626 Год назад

Wow people are smart here

@adamtajhassam9188 Год назад

low credit score doesnt really help anyone . Just a sorry excuse to be dumb. or look smart .

@Anotherpodcast Год назад

Beautifully explained, Rene. I learned the basics of public-key encryption (private key, public key, encrypt/decrypt, sign) back when PGP popped up on the general geek radar - I owe that to Wired magazine - and that understanding plugged straight into this.

@kevinlovestech Год назад

An incredibly well done and explained video! This really helps people understand why this matters so much! Definitely sharing this far and wide! Thank you Rene!

@ReneRitchie Год назад

Thanks so much for watching!

@CrushedAsian255 Год назад

What’s the heart in the top of the comment?

@tdrg_ Год назад

@@CrushedAsian255 super thanks

@adp98761 Год назад

I've been waiting for the day that passwords became a thing of the past. Public/private keys are a great solution. Being a Microsoft cloud architect, I've been using Microsoft Authenticator and Phone Sign In over FIDO2 for a couple of years now. It's so much smoother than entering passwords. Passkeys are going to take it up a notch...

@conradofmc_ny6706 11 месяцев назад

What about if I lose or break my phone? Or computer?

@adp98761 11 месяцев назад

@@conradofmc_ny6706 you can set up a Yubi Key as a backup.

@elvisluvaton5078 Год назад

This is so welcome change. Need to rely on password managers and creating site specific passwords, when requirements differ a lot, is huge pain in the backside. Great change and good introduction. Thanks!

@CyberMedics Год назад

Laid out extremely well. Please continue to emphasize what happens when you lose the device that has the passkey. With no backup recovery the account is lost. Subbed and liked....super content thank you.

@rebeccameek873 Год назад

Great explanation of the future of security of devices, and websites etc 👍🏼

@fuori_piste Год назад

Great video! As I had questions, you simply answered them all. Talent

@rplaughl Год назад

This was really helpful, thank you for making this video!

@michaelwood3205 Год назад

Very well explained. Kudos.

@GersonHM4 Год назад

Thank you so much for explaining, yeah I was a bit reluctant at first, it seemed kinda an unsafe way to sign in cuz it sounds too simple, but now It sounds like a big improvement, thanks again for taking the time to explain to us, to regular people. I can't believe it, usually security and productivity dont go on hand, but now the future of digital security looks brighter

@aaron1932 Год назад

Thanks for this video. It's like it was made just for me since it answered so many questions I had about this. Can't wait for it.

@DonaldPerreault Год назад

Nice shirt Rene 👍🏼 Great video as well!

@danno5645 Год назад

What about someone logging into your iCloud account and gaining access to all of your pass keys? Will iCloud be protected in a different way than with a password with the system? Or will iCloud use a pass key? How would that work? I’m imagining someone phishing the iCloud account or something like that and then getting access to all of your sensitive login information.

@adaminjp Год назад

I would prefer an offline keychain vs using iCloud Keychain.

@balegdeh. 5 месяцев назад

literally why

@MarbsMusic Год назад

Some of us Network and Unix admins have been enjoying SSH keys for many many years... can't wait to see similar technology replace passwords. For most people they grossly insecure...

@Nooumy Год назад

So excited for this future i got hacked once forget my accounts so many times couldn’t even think how many thanks for this awesome vid

@jc_alpha Год назад

Such an excellent explanation, thank you!

@marsgizmo Год назад

Yes! Passkeys will be very helpful! Will probably take a bit, but can't wait to get rid of all my passwords!

@Kevdog1920 Год назад

Same

@terranceblount5959 Год назад

Great work as always, Rene! Was curious on this topic and now RR has spoken! 👏🏽 🙏🏽

@ArthArmani Год назад

Passkeys is probably the best update that comes out on the new macOS, can't wait till all websites adopt this.

@ScrapyHD Год назад

The second apple announced this I was wondering if it needed to be supported by each website, hopefully the FIDO alliance creates something that's plug and play so this can be adopted quickly. I've had enough scares of forgetting my 2 factor app password. Thanks rene!

@Nur__ Год назад

that's going to be key. If it's plug and play I see no reason why everyone shouldn't be using it. Fingers crossed tho!

@ChristopherTurner Год назад

Yes and no. So the Fido Alliance has implementation documentation(which isn’t that great), so it’s up to each application to implement it in a way that’s fits with their current IAM architecture.

@jonmarc876 Год назад

I love this new step forward to eliminate passwords. My biggest concern is the last question you answered. They’re lots of situations where I might need to sign into an account when I don’t have my phone on me. I’m curious to see how that will be addressed in future.

@philamavikane9423 Год назад

In the future you’d die immediately if you don’t have any passkey on you💁🏽‍♂️

@baris5404 Год назад

with backup keys, hint: they look like one time use passwords

@goodtoshi Год назад

Most likely a recovery passphrase will be the answer

@DBE008 Год назад

Probably iWatch will have that option and many people wear watches nearly all time to many many place’s.

@michaellatta Год назад

As pointed out by one RU-vidr, I hope passkeys can be secured by more than biometrics. Ideally things like bank passkeys or such will allow a password to be required in addition to biometrics. In particular since law enforcement in the us and border patrol can compel you to unlock a phone with biometrics, but not compel a password without due process. If only biometrics it would give full access to all your apps/sites.

@ReneRitchie Год назад

I cover this in the video! It can be device/system passcode or password

@jbscpa Год назад

Remember reliance on something that cannot be changed, like biometrics, is a mistake.

@jamesdean5631 Год назад

Passkey is an alternate application of RSA encryption. I like it. Someone just looked at the problem from a different angle and reapplied our widely popular encryption.

@canosisplays5152 Год назад

This was a great Rene.

@alexwr Год назад

I think I'll stick with an offline password manager, rather than trusting huge corporations to keep my passkeys safe, given that they seem incapable of keeping any of my current data safe, as the iPhone and Google's implementation of Android is closed source, we are still trusting them even when they tell us all of this stuff is 'end to end encrypted' we have no way of verifying that, so we're not gonna do it.

@firdaushbhadha2597 Год назад

Couldn’t agree with you more. Apple has tried to build this aura of trust for the past 5 years o so, had they done something cool password manager wise, I may have gotten on board with their on-device-first design. But, when Google and Apple and Microsoft are getting together…..my heart tells me it’s not going to benefit me as much as it’s going to hurt me.

@sethchalnick5113 Год назад

...Especially when you look who is on the partner list with the Fido Alliance. My question is how "conveniently" will this work with your green pass? Once everybody opts in, if you turn red, no passkey for you. No?

@dansanger5340 Год назад

When did Apple say there would be no lock-in? It would really suck if I created an account (or many accounts) on my Mac and then could never log in on my Android phone or Windows PC because Apple doesn't allow the passkey to be exported. And, if they do allow the passkey to be exported, that weakens the security advantage of passkeys, because it could become vulnerable to attack. Does the FIDO2 standard define a way to securely move passkeys between devices and ecosystems?

@laikmoshwa1028 Год назад

this means having you phone and 6 digit code stolen, will allow full access to all your online accounts, at least with the current system if that happens I can rush to change my passwords while the attacker is trying to use the ones stored in keychain, this way I have no way to login while my phone is stolen, and can't prevent the attacker from accessing anything

@shadow.banned Год назад

Get it done.

@michaelplaczek9385 Год назад

Very informative!

@molillaney7286 Год назад

This is all great but how do you use your accounts across platforms.

@johnsmith9720 Год назад

Good explanation

@phonepup06 Год назад

The “oh thankfully tech support called at just the right time, and I know they have the right details since I gave them my password” and the “thankfully I clicked that link that wasn’t spelled all the way correct” had me dying 😂😂😂 I cannot wait for passkeys; so,etching I don’t see a lot of people talking about is that apple actually had some information on this last year (not in the main keynote I don’t believe). I’m sure this’ll alls he’ll increase the speed of logging in

@Tech-geeky Год назад

and if PassKey gets hacked.? oh sorry, we only believe info that's we know about in public. we should look at what can be possible, not just what we know about in the public space...

@alexbishop5870 Год назад

…So three months after you made this great video - my brand new IPhone 14 pro max has exactly one passkey - Yahoo (apple, google and amazon are not offering this yet - any idea when they will? I’ve spent the last hour looking through my Apple ID, google accounts and amazon apps looking for the passkey options. Last night Yahoo offered me this option and it was soooo easy!

@tuckerjeffrey Год назад

Thanks so much for the video. I hope Apple gets this Passkey to work easily and correctly. I’m sick of Passwords and hopefully this will be the death of them. Thanks Rene..

@ReneRitchie Год назад

Same, same!

@albertreed966 Год назад

I like your shirt! I am notorious for not remembering My passwords and it sounds as if I am about to be saved with passkey....I sure hope so because there are multitudes of web sites that I would love to explore but don't because of passwords requirements. Even if I store passwords on another password storage site, I have to remember a password to get into that site so, I'm back to square one. I don't use my devices to do business. I mainly have a curious mind and I might think of something that I want to learn about or learn to do and, don't because I have to remember a password, it's that simple. Keep up with your good work and keeping us in the know about what we might get to know!

@ajohnwiersema Год назад

Love my Henson Razor! (And apple keychain)

@BreakTime10101 Год назад

Video is working now. Rene, what happened to your podcast Apple Talk with Georgia Dow?

Год назад

How will the android/google passkey manager know what is the private key stored in my iCloud keychain?

@colinreece3452 Год назад

So if I use someone elses PC and authocate my passkey to use it can I see their details, for eaxample loog in to their bank account?

@WineWorldTV Год назад

Seems similar to Steve Gibson's SQRL. Though I haven't kept up with it in a couple years so I don't know if both are on par with each other. Looking forward to a passwordless future though.

@eastmanwebb5477 Год назад

The main difference is SQRL only requires the user to maintain one private key that is used to generate unique private keys for each site in the background, while the FIDO system requires a different random private key for each website that needs to be managed separately. The SQRL solution is better in this regard. Steve Gibson discussed the differences in detail in his podcast Security Now, episode 874.

@Hermiel Год назад

@@eastmanwebb5477 Another major difference is that SQRL places the locus of control and hence ultimate responsibility in the hands of the user by way of a master reset key. There's nobody to go crying to if that goes missing. I like this arrangement.

@David-G Год назад

Great video, I’ve been watching you for years love you Work when do you expect us to come into play?

@allanwilmath8226 11 месяцев назад

The obvious problem with this setup is icloud keychain, or more specifically storing the private keys in the same device you are using. It's impossible to store something truly securely on a computer that the user has access to. Really need to be supporting hardware like Yubikey. This problem has been around for decades, this solution has been for 15 years. Take your time guys! Maybe working on this would have been more constructive than me-mojis?

@katbryce Год назад

Will it be possible to sync passkeys between Apple and Google? I have my passwords saved on Apple keychain, and on the Google equivalent, because I use both in my daily workflow.

@ReneRitchie Год назад

Yes, that's in the video! Apple, Google, Microsoft and others have committed to making their implementations cross-platform or migratable

@SamarSunkaria Год назад

-AFAIK, no.- Not currently, but we may see that in the future. For now, you will need to create a new passkey for each platform. The website/service you are using should provide support for associating multiple passkeys to a single account. However, you can still perform the authentication over bluetooth using the QR code if you only have your passkeys on a single device.

@LeonardoDeVinci1452 Год назад

My problem is requiring passwords for things that don't need them. like downloading free software or accessing certain websites even testing programs that don't need credit cards. These are just another way of keeping track of you for marketing purposes.

@BigMoney23223 Год назад

My brain hurt for all the inside jokes at the start of the video

@LeleSocho Год назад

The "what if one just emails the qrcode?" question was the last doubt i had about passkeys, now that my doubts are gone i can't wait for them to be adopted

@stratvar Год назад

Are passkeys susceptible to session hacking/session highjack though?

@grahamevans8567 Год назад

This is so cool!

@jeffhale1189 Год назад

Thanks…very helpful explanations. I look forward to this feature. Blessings on your day.

@ReneRitchie Год назад

Thanks so much Jeff!

@chriscoop Год назад

What if I create an account from my iPhone but then want to login on my Mac using Chrome or Brave? Does Apple share the passkey with those apps?

@ReneRitchie Год назад

That's in the video! Passkeys sync over iCloud Keychain to all your logged-in devices

@chriscoop Год назад

@@ReneRitchie OK thanks! I didn’t know if it only sync’d with Safari.

@gerardofaustin8156 Год назад

I LOVE YOU PASSKEYS !!!

@whogotpwned Год назад

Thank you very much. There are a lot of explanations on YT which tell you "You just need FaceID / PIN (whatever) and there is no need for passwords at all. Rest is magic". Thanks for explaining it from a more technical perspective.

@JamesEzell Год назад

Can’t wait

@ciprianadrian2123 Год назад

I'm on Google Advance security program . I much rather change a 30 $ secure key than a whole expensive device

@underconfident_asmr Год назад

So....what happens with certain sites/accounts that require it's users to change their password every so often? Does the device present an option for the system to reissue/change that public key for this situation to work out?

@redsoxers Год назад

There’s no point to requiring a reissue/change of a public key.

@Nur__ Год назад

@@redsoxers Xactly

@andyH_England Год назад

It is a Passkey not password so this avoids the pain of changing your password every so often.

@adp98761 Год назад

Also, password changes are inherently an insecure method of protecting identities. People are lazy, meaning that new passwords are generally weak and often follow patterns. A better method is not changing your password, and instead using a token to prove your identity. Something you know + something you have can protect you better than just coming up with a new password every 90 days.

@scott1414 Год назад

Man! I can’t believe that I just bought the titanium razor from Henson Shaving that Rene talked about in this video! I’ve struggled with shaving my whole life. Heavy beard. This may be what I’m looking for!

@RozemVlog Год назад

What if your iCloud account is compromised well the person managed to sign in to google account?

@Fatchoi27 Год назад

I Have Already Done it on iOS 15.6 Beta.

@151balance Год назад

“like an animal” I love it 😆

@hughlynas6219 7 месяцев назад

What about different operating systems, web browsers? Do I need a different passkey for each operating system to open a website? You touched on Windows but you were mainly talking about Apple products - I work with Windows 10 and 11 on different devices and I have an iphone - now we are talking about Edge, Chrome, Firefox, Opera, Apple browser. The private passkey is stored where? icloud? Dashlane? or? How do I direct where it is stored? If it is Dashlane does that mean as long I have Dashlane on all my devices only one passkey across all devices for each website will be necessary? Same with icloud? If I don't have either where is it stored? a different passkey for each device for a single website? These questions not addressed here, or anywhere else that I can find - all the articles on the subject of passkeys are vague on these critical issues.

@Nikos10 Год назад

Does passkey work with iOS 16?

@megajonson9075 Год назад

Is the passkey as safe as a physical security key if you also have it stored in your iCloud keychain? I understand it would be as safe if the private key is only generated and stored in the secure enclave of your phone or computer (given that you trust that equally to a physical key), but I assume it would have to be a backup stored in the iCloud keychain if you want the portability and recoverability benefits compared to the physical security key. That seem to make the physical security key still an alternative if you believe the iCloud keychain can be attacked. Still a huge leap forward for most of us, but still less (to what degree?) secure than a physical key.

@ScotowVideos Год назад

What's the difference between Passkey and WebAuth (integrated in iOS 15)?

@ReneRitchie Год назад

Passkey uses WebAuthn on the server/app side, right?

@SamarSunkaria Год назад

WebAuthn on iOS 15 introduced system-wide support for security keys (like YubiKeys). They also previewed passkeys (on device public/private key authentication) that synced over iCloud, but didn't have the rest of the functionality to allow it to work across platforms. iOS 16 actually introduces passkeys; which crucially have support for authentication across platforms over bluetooth. If you are interested in the details, you can learn more by watching the "Meet passkeys" session from WWDC22. P.S. "passkey" is a common noun, so no need to capitalize it.

@firdaushbhadha2597 Год назад

@@SamarSunkaria thank you 🙏

@caje25 Год назад

So in the use case that a server is compromised and the public keys are stolen, could a malicious website present the same login challenge, and the user would not know they’re logging in to a malicious website? How does the device ensure that it’s logging in to the correct site, even if they have the associated public key? Presumably the private key is somehow tied to the relevant site’s domain, so it can’t inadvertently be used on the wrong site?

@andyH_England Год назад

If you have already authorized on the correct website then the AI will not allow Passkey on a fake website, but of course if you setup Passkey on a fake site then that would be an issue. I assume there are notifications showing on your iPhone if you have just used Passkey and other security.

@maikaimakena9424 Год назад

The King 👑 of RU-vid ⚡️🤙👊

@tuams Год назад

I'm kind of wondering if passkeys create some sort of an unique identifier that can be tracked? If Apple implements it, will it allow to create several passkeys for several uses? Like creating a work passkey and a home one? Also if this would affect the data harvesting and increase privacy in closed echo systems?

@redsoxers Год назад

This has nothing to do with or connection to tracking.

@olioli6165 Год назад

@Rene Thanks for the link for the link, really appreciate.. but we will still be in the mess with the devices passwords and sim cards, for us who wtill young with grey hairs our brain still can remember our devise password when they ask for after an update or an other mess with touch ID or Face ID but older people like my mom is starting to be the hell. Per device is at lest 2 passwords, a new user using a Mac with iCloud is at least 2 passwords to remember, same for an iPhone. But as you said passkey will be now cross platform do you know if that will work for the Notes who was made on a Mac and then open on an iPhone? Spent 5 min to rewrite my mom password on her iPhone and noting was working until that bing me that i made this note on her Mac and use this password to open the note and it's was working! Continue your work you are Amazing!

@pacomacman Год назад

All well and good if you are only using iOS and never need to login on Windows right?

@redsoxers Год назад

Wrong. It’s a standard, not an Apple proprietary implementation

@TheRealJocoCourter Год назад

I’ve tried to watch your video several times today and it won’t load :(

@mokiloke 11 месяцев назад

What if someone grabs your phone while you are on it (like all the time), and runs off. Big score? Access to everything?

@simpleffective186 Год назад

But i am sending a signature/solution to the server so can't *that* be intercepted by the hacker?

@SimonHodgkiss Год назад

How are PassKeys going to work if your Mac is not supporting the new version of Mac OS will I get the QR Code I can scan with my iPhone?

@redsoxers Год назад

The operating system has to support PassKeys.

@SimonHodgkiss Год назад

@@redsoxers from my understanding it didn’t seem that was the case. How do you login if your OS doesn’t support PassKeys? Are you not able to move to using them in the first place then?

@redsoxers Год назад

@@SimonHodgkiss Because you have to have some operating system component to make and manage the keys.

@SimonHodgkiss Год назад

@@redsoxers yeah I could use my iPhone / iPad to manage them and the hopefully be offered up the QR Code sign in function on older Mac maybe right?

@redsoxers Год назад

@@SimonHodgkiss Yeah, that would work fine.

@slothgirl2022 Год назад

I use Yubikeys and FIDO Yubikeys for as much as I can. Even my macOS login is protected with a yubikey.

@ReneRitchie Год назад

Would you want to give them up for passkey?

@slothgirl2022 Год назад

@@ReneRitchie Well, my FIDO Yubikeys are functionally identical as Passkeys. The nice thing is Passkeys require no extra hardware such as one of these keys. The iffy thing for me is it requires a lot of faith in Apple to keep the private keys secure as they are out of the users' hands. I'm sure I'll use Passkeys wherever possible as time goes on.

@michaelraiwet Год назад

Rene, what’s the difference from Sign In with Apple?

@SamarSunkaria Год назад

OAuth (like Sign In with Apple) hands over the user authentication to a third party like Apple, Google or Facebook. Passkeys do not require a third party service in the loop.

@michaelraiwet Год назад

@@SamarSunkaria thanks for the clarification

@stancartmankenny Год назад

That's the same combination I have on my luggage!

@yeeisme Год назад

What was it again? "I tried to update all my passwords to Chuck Norris but every website told me that it was too strong!"

@ethanmenzel Год назад

Will ios 16 allow you to use their authenticator for all apps? I constantly make sure I’m as secure as possible with my passwords but I hate having to download Microsoft authenticator or other authenticators to go passwordless. I hope Apple makes it, so you do not need multiple authenticators to go passwordless.

@MOE7CO Год назад

How to use the passkeys?

@magicmanchloe Год назад

What I want to know is how passkey resets will work when people inevitably lock themselves out of there iCloud Keychain. In the past you could still get access to the account via remembering the password or resetting it via email or other authorization. How does that work if the passkey is tied to your keychain. Is giving access to friends or family access the only option?

@stephenfoster2532 Год назад

You wont forget because your password is your face or fingerprint. No more sharing passwords with family, the website will know that its you for sure.

@magicmanchloe Год назад

@@stephenfoster2532 bro, this is keychain we are talking about. Yes you can use biometrics on the phone to Authenticate but if the phone is lost or you forgot your iCloud password and get locked out what are you supposed to do. At the end of the day biometrics are just a secondary form of authentication. When your phone reboots it still requires your password. And when you set up a iCloud account your new device you still need to know your information. The amount of times people came into the Apple store bc they got locked out of their phones and or locked out if there iCloud account is ridiculous. I used to see at least three a day just during my shift at one Apple store.

@andyH_England Год назад

There will of course be recovery options that allow you to restore. Passkey is the future as it eliminates hackers to a major extent and it is clearly something we should all move to ASAP.

@magicmanchloe Год назад

@@andyH_England Never said it was a bad thing WebAuthn is great. But I have yet to hear someone explain how recovery works on this. It solves 90 problems with passwords and other authentication methods but The issue account recovery is still not well solved for.

@kkmnstr Год назад

Will passkeys work on my Apple Watch?

@mrki731 Год назад

Genius!!!!!

@Zanderthelab Год назад

Will I be logging in via Face ID or Touch ID? Or am I typing in a pass key? It sounds like what we already have. And I like making my own password. Not having my phone make a random and safer password…

@redsoxers Год назад

You use Face ID, Touch ID or the pin code to your phone. They’re three different ways of doing the same thing.

@BreakTime10101 Год назад

The video is not working for me.

@winninglifeyo Год назад

Working in cybersecurity passwords are the bane of my existence. Sure I do pen tests & ethical hacks. I spend so much time securing shit that ppl screw up bc they got phished or some shit. There is just a certain demographic (I won’t say which) that can’t learn good online security hygiene

@United_Wings Год назад

I love it

@RandomMoves923 Год назад

suppose you sell the device, the new owner have to ?

@krakatoasundra Год назад

since this private ley can be shared to loved one or stored by a third party, it seems like there’s a chance these privacy keys may be stolen.

@matthewoyan Год назад

Yeah, I think there's still a pathway for social engineering for passkeys that way, but I think it's still better than the username/password system we have right now

@Nur__ Год назад

maybe they can create another temporary key you can share, I'm not sure how it might work but it might be a solution so your private keys always stay you know PRIVATE.

@VMYeahVN Год назад

Yeah nothing is 100% foolproof, but this is like only one or two ways to infiltrate compared to all our current solutions having like 20 ways each to break in. So even though this isn't iron clad, it's still miles ahead of what we currently have.

@ericnicholls3955 Год назад

I can already hear a guy from Mumbai asking me over the phone to send my private key to him.

@Bigcoaching4u Год назад

So the phone hand set is going to be if it’s not already the most important thing you own and this is just the beginning

@christianrietbroek9246 Год назад

Sharing passwords is what is keeping me on 1Password. When Apple fixes that I have another subscription I can kill.

@andrewfigaroa7031 6 месяцев назад

I think that an impersonator can still obtain your public passkey, impersonate a popular site that the user uses... and create a legit challenge that only the privatekey on the user's device can authenticate with. Once connection is established, use reverse shell to transfer and obtain the privatekey, so now "the bad guy" has your privatekey

@SigururArniSvanbergsson 7 месяцев назад

Will this also work if I try to login to my father's brother's nephew's former roommate's computer?

@jeff2tc99 Год назад

I do all that on Microsoft system. Others need to get on board.

@-zerocool- Год назад

Still dont get it, how does the device know who i am without first logging into it with username and password? This sounds more like web3

@eliotcole Год назад

I don't have a phone. I don't want my security kept in the cloud ... what if I lose my private key?

@trumanhw Год назад

*How can a SERVER verify: Public + Private = (in)valid w/o having PW from which VALIDATE the RESULT!?*

@abbofun9022 Год назад

Hmmm, I still have that “it’s a house of cards” feeling a bit. Looks like there are so many components that ALL need to function for this to work. Mr Murphy is gonna have a party.

@ReneRitchie Год назад

Less complicated than 2-Factor, and that seems to be holding up?

@Shao526 Год назад

Many components that all need to function for this to work? It's too bad we don't have pocket computers to, you know, compute all of that information.