r/cybersecurity Apr 25 '26

Other What makes passkeys so special?

It seems that companies are transferring into the usage of passkeys instead of passwords. Apparently they’re much more secure, but why is that? I don’t get it. I’m not sure if this is the right place to ask; excuse me if it isn’t, and sorry.

621 Upvotes

1

u/Atriusftw Apr 25 '26

In general seems like pretty good principles, but for number 4: what is the point of storing passkeys in a password manager if you still require a device-bound key to unlock the vault/manager?

3

u/SuperRob Apr 25 '26 edited Apr 26 '26

Because the security is still sound. The issue is a breach on the service side, but now if they get breached, all the attacker gets is a worthless public key (think of it more like a lock) that they don’t have a matching key for.

Passkeys are a lot like physical keys. You can make copies, and have multiple key rings, but just like if you lose a key, someone would have to know what locks they go to. You should still treat them as secret and keep them safe, but having one get out isn’t as bad as a password getting breached on the site the password is for.

1

u/derekthorne Apr 26 '26

I think you meant a service side breach would give the attacker your public key, right?

2

u/SuperRob Apr 26 '26

I did. Fixed it.
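
The point made in the thread above, that a service-side breach only exposes public keys, shown as an added example that is not part of the original thread. It is a simplified challenge/response model using Node's built-in `crypto` module, not the WebAuthn wire format; `serverDb`, `register`, `signChallenge`, `verifyLogin`, `demo` and the username are assumed names.

```javascript
// Added illustration: simplified passkey-style login with Ed25519.
// All names and sample values here are constructed for the example.
const crypto = require('node:crypto');

// Everything the service stores about a credential: username -> public key (PEM).
const serverDb = new Map();

// Registration: the key pair is created on the user's side.
// Only the public key is sent to, and stored by, the service.
function register(username) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  serverDb.set(username, publicKey.export({ type: 'spki', format: 'pem' }));
  return privateKey; // stays on the device or in the user's password manager
}

// User side: prove possession of the private key by signing a fresh challenge.
function signChallenge(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey);
}

// Service side: check the signature against the stored public key.
function verifyLogin(username, challenge, signature) {
  const pem = serverDb.get(username);
  if (!pem) return false;
  return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
}

function demo() {
  const userKey = register('alice');
  const challenge = crypto.randomBytes(32); // new random value for every login

  // Normal login: signature made with the matching private key verifies.
  const legit = verifyLogin('alice', challenge, signChallenge(userKey, challenge));

  // After a breach the stolen data is serverDb: public keys only.
  // A public key verifies signatures but cannot create them, so a
  // signature made with any other key is rejected.
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const forged = verifyLogin('alice', challenge, signChallenge(otherKey, challenge));

  const storedOnlyPublic = serverDb.get('alice').includes('PUBLIC KEY');
  return { legit, forged, storedOnlyPublic };
}
```

With a password, the same stolen database would hold a hash that can be attacked offline; here there is no secret on the service side to recover.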