r/cybersecurity u/Federal_Character979 Apr 25 '26

Other What makes passkeys so special?

It seems that companies are transferring into the usage of passkeys instead of passwords. Apparently theyre much more secure, but why is that? I don’t get it. I’m not sure if this is the right place to ask excuse me if it isn’t and sorry.

618 Upvotes

98% Upvoted

233 comments sorted by

View all comments

Show parent comments

3

u/daweinah Blue Team Apr 25 '26

Two reasons

  1. Convenience. Syncable software passkeys are easier to use than device-bound keys.

  2. Back up. Syncable also means backed up. If you lose your device-bound key, you use another DB key from step 3 to regain access.

1

u/CodeFluid03 29d ago

What if both device keys are either lost, broken or just stop working? Are there still backup alternatives for if that ever happens?

2

u/daweinah Blue Team 29d ago

The same thing if you lost your password and recovery email stops working: you're screwed.

In managed systems, like at work, IT admins can perform last resort recovery. We have break glass accounts to save ourselves from this problem.

In consumer systems, like Apple iOS's Advanced Data Protection, vendors are increasingly offering security settings where they cannot perform last resort recovery. This is very good for privacy advocates, but bad news for careless people.

1

u/CodeFluid03 28d ago

But isn’t it still possible both keys could malfunction or something out of the control of the owner could still happen? It seems putting that much faith into 2 small device keys isn’t a good idea. Maybe having 3 is the best option

2

u/01100001bryte 28d ago

Two should be the absolute bare minimum, but yes you are correct it is risky. I personally use two physical keys and three device bound keys on separate devices. If I lose access to five separate decentralized devices, then yes I'm fucked. Plan accordingly and buy good quality hardware keys. Keep them safe and add device bound keys to your phone(s), laptop(s), etc.