Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

The Password is Dead: Here comes the Passkey

The Password is Dead: Here comes the Passkey

Old May 10, 2023, 9:41 am
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2002
Location: ORD
Posts: 14,200
The Password is Dead: Here comes the Passkey

Google this week enabled passkey support for everyone. Passkeys are touted as the password killer, at long last. Your phone generates a public/private keypair, and all you need to do is use that to log in without a password. It pretty much eliminates phishing as a threat since you need your phone to log in, and your phone needs to be physically close to the device you're trying to log in on (they communicate via Bluetooth).

I have tried it in a few ways and it's pretty slick. To log in on my computer, my computer shows a QR code that I scan with my phone, do FaceID, and I'm logged in. My password manager, 1Password, has announced they will start supporting cross-platform passkeys next month.

Here's an article: https://arstechnica.com/information-...rds-heres-why/
Visconti likes this.
gfunkdave is offline  
Old May 11, 2023, 7:40 am
  #2  
 
Join Date: Aug 2012
Posts: 6,727
Count me as a huge fan of the password-less log in world and, in my view, ought to be the future of how we log into our sensitive accounts.
Visconti is offline  
Old May 11, 2023, 12:04 pm
  #3  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 18,556
Just need companies and websites to start supporting it now... but that will cost them money, and for what benefit?
DYKWIA is offline  
Old May 11, 2023, 3:11 pm
  #4  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2002
Location: ORD
Posts: 14,200
Originally Posted by DYKWIA
Just need companies and websites to start supporting it now... but that will cost them money, and for what benefit?
I think Google throwing its weight behind it will do a lot for that.
gfunkdave is offline  
Old May 11, 2023, 6:07 pm
  #5  
 
Join Date: Jul 2006
Location: Upper Sternistan
Posts: 9,981
Originally Posted by DYKWIA
Just need companies and websites to start supporting it now... but that will cost them money, and for what benefit?
Better security is a plus for any company.
josephstern is offline  
Old May 11, 2023, 6:41 pm
  #6  
 
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,580
Eh... I hate 2-factor, especially phone/e-mail. The current setups with password-only logins, especially the useless C0mp1eX! requirements, needs help, but I'm not so sure this is the right solution. I still have multiple users in my office that can't handle SMS 2-factor authentication (seriously).

Smartphones haven't been reliable for me. Apple, Samsung, Motorola, all have been unstable for me. Overheating, locking up, spontaneously rebooting, and battery issues. Add in all of the things which have to go right for this to work and no thanks. Bluetooth's gotten better over the years but still isn't as seamless as it should be.

One of my condos replaced our 24/7 security guards with a "cloud" entry system where they want you to download a Chinese app to your phone to gain entry. Useless thing. For it to work: 1) There has to be power, 2) Their Comcast connection and router have to be working, 3) the gate system keypad/controller have to be working, 4) the gate system's cloud servers have to be working, 5) the larger internet has to be working, 6) the cell connection has to be working, 7) my phone has to be working, 8) the app has to be running and working. No thanks, I'll just enter the 5 digit code or copy of the barcode I made and go on my merry way.

I don't have a problem with it existing, but I don't see this as THE solution. It's just going to change the bad actors' targets from desktops to phones and Bluetooth. Anyone have a FlipperZero? After all, most people keep their entire lives on their phones, passwords, accounts, and all. Read up on the recent YouTube cookie / session hacks and it's not a stretch to port those type of hacks to infiltrate this type of system. At my office we use token (public/private key deal) + password, which is better than a password alone, but is far from infallible.

Originally Posted by gfunkdave
I think Google throwing its weight behind it will do a lot for that.
Given Google's extensive history of coming up with something and then getting bored and discontinuing it doesn't rub developers and programmers well. I personally spent many hours chasing my Google's ever-changing APIs before finally giving up.
lavedder likes this.
KRSW is offline  
Old May 12, 2023, 12:55 am
  #7  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 18,556
Originally Posted by gfunkdave
I think Google throwing its weight behind it will do a lot for that.
Apple have been supporting it for some time, and it's not really got any sort of traction as yet.
TGarza likes this.
DYKWIA is offline  
Old May 12, 2023, 8:33 am
  #8  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: Denver, CO
Programs: UA Silver, Bonvoy Gold, Hyatt Discoverist
Posts: 21,470
Originally Posted by DYKWIA
Apple have been supporting it for some time, and it's not really got any sort of traction as yet.
Microsoft is also on the passkey train.
TGarza likes this.
pseudoswede is online now  
Old Jul 14, 2023, 1:51 am
  #9  
 
Join Date: Jul 2023
Posts: 15
this is actually my first time hearing about google passkeys and haven't seen any other articles referring to it. It'll probably take a while before smaller websites start switching over since the implementation will take time and if its even worth the effort. I can see this be useful for the bigger companies that already require 2fa anyway.
izint is offline  
Old Jul 14, 2023, 10:53 am
  #10  
FlyerTalk Evangelist
Original Poster
 
Join Date: Nov 2002
Location: ORD
Posts: 14,200
Kayak has supported it for a while now.

I use Google passkeys to log on to Google all the time. It works well.
gfunkdave is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.