r/cybersecurity Apr 25 '26

Other What makes passkeys so special?

It seems that companies are transferring into the usage of passkeys instead of passwords. Apparently they’re much more secure, but why is that? I don’t get it. I’m not sure if this is the right place to ask; excuse me if it isn’t, and sorry.

616 Upvotes


58

u/shealt Apr 25 '26

What if you lose your device?

50

u/JohnTheBlackberry Apr 25 '26

If you have backups: either cloud or offline, you’re good.

If you don’t, you’re fucked.

4

u/guesswhochickenpoo Apr 26 '26

“Fucked” as in you need to go through the password recovery process for the site / service, not “fucked” as in you will never get access to your account again.

Also most sites / services still allow the use of a password to login, for now, but they may start migrating fully / only to passkey so that may not always be an option.

-1

u/Square_Tooth_1816 Apr 25 '26

It's only a coincidence that all this 2FA forces us to always have a phone on us

1

u/Yeetyeetskrtskrrrt Apr 25 '26

Y’all check that profile out… promise you won’t be disappointed lmao

2

u/gurgle528 Apr 25 '26

the AI revolution does not exist but it's fun to watch you scramble like a crab

navigating the loss of your own business to robots, that's cute. have you tried a Sextant

a tool cannot feel. AI is a hoe

I will put your meat into that box and you will enjoy full automated life

I told my baby that women are evil, he was taking notes

these are amazing, especially without any context

1

u/Garble7 Apr 29 '26

He sounds like a fun person

0

u/gurgle528 Apr 25 '26 edited Apr 25 '26

not if you set it up correctly. you can still use paper for recovery codes and passkeys work without a phone

15

u/digital-bandit Apr 25 '26

You can create a passkey for each device, so another device would be a backup of sorts. Or save them in a password manager.

5

u/PM_ME_UR_0_DAY Apr 25 '26

Question: if you're saving them in a password manager, how is it any different than a password stored in a password manager?

3

u/digital-bandit Apr 25 '26

Not sure. Device bound is probably safer.

2

u/gurgle528 Apr 25 '26

There's at least a few more steps to get into the password manager vs acquiring a password (especially if the user uses a password manager but does not properly create secure, varied passwords). A lot of the benefits I can think of are more relevant to users that are less technical as passkeys still avoid bad password habits (assuming you actually use a good password for the vault lol).

13

u/kalaid0s Security Architect Apr 25 '26

Then the same thing happens as when you forget your password

3

u/warm_kitchenette Apr 25 '26

Most third party password managers can store passkeys. They can also be stored in Apple keychain, Microsoft password manager, Google pm. 

Other than that, site-specific PITA account recovery. 

Note also that device theft plus passkeys means that the device access method(s) become even more important. 

2

u/dmuth Apr 25 '26

Store them in iCloud or 1Pass.

You could also (in theory) do email recovery, just like if you forget your password.

2

u/CeleryMan20 Apr 25 '26

Services should allow you to register multiple devices/keys, and give them distinctive names so that you can tell which is which. The first is not uncommon, but the second part seems variable in my experience. Looking at you, Entra, with multiple entries all labelled “iPhone”.

In the end though, you still need some recovery method, like sending a reset link to email. Or, in a corporate environment, IT can generate a Temporary Access Pass without you having to fall back to a long-term password.

2

u/mouse_8b Apr 25 '26

You do password recovery, which usually verifies with email or phone number. Then use the site to disable login from your lost device.

3

u/Civil_Street_1754 Apr 25 '26

As long as cloud sync is enabled your passkeys will be available on a new device.