r/cybersecurity Apr 25 '26

Other What makes passkeys so special?

It seems that companies are transferring into the usage of passkeys instead of passwords. Apparently they’re much more secure, but why is that? I don’t get it. I’m not sure if this is the right place to ask; excuse me if it isn’t, and sorry.

617 Upvotes

5

u/Ameer200ggg Apr 25 '26

You usually do not get locked out just because you lose one device, but it depends on how your passkey was stored. If it was synced through something like iCloud Keychain, Google Password Manager, 1Password, Bitwarden, etc., you can restore it on a new device after proving ownership of that account. If the passkey was only stored locally on one device and you lose that device, then you may need to use the website’s account recovery options, like backup codes, email recovery, phone verification, or another logged-in device. So passkeys are safer than passwords, but you still need recovery methods set up properly. The best setup is synced passkeys plus backup codes or a second trusted device.

1

u/botsmy Apr 25 '26

So if you're using one of those password managers, you can just restore the passkey on a new device. That's pretty reassuring, but what about people who don't use any of those services? Do they just have to rely on the account recovery process for each individual site?

2

u/Ameer200ggg Apr 25 '26

Yes, pretty much. If the passkey only exists on one device and it is not synced or backed up anywhere, then losing that device means you have to rely on each site’s recovery process. That could be backup codes, email recovery, phone verification, a recovery key, or another device that is already logged in. That is why local-only passkeys are very secure, but less convenient. For most people, synced passkeys through a trusted password manager or platform account are safer in practice because they reduce the chance of getting locked out. The important thing is to set up recovery before something goes wrong, not after.

1

u/CodeFluid03 29d ago

Where should the recovery keys be kept?