Should You Ditch Your Passwords for Passkeys?

00:00

so our first question is from backfield

00:02

and they are a regular on our forum and

00:04

they ask uh so I'll ask you this one uh

00:06

what are your opinions on device bound

00:08

pass keys and how much more secure are

00:10

they compared to synced Solutions or

00:12

using them over the traditional username

00:14

password toofa with Ubbi key setup kind

00:16

of a big question and you made your big

00:18

pass Keys video on your channel so yeah

00:21

I know a while ago now but I do like

00:23

pass Keys um and I think that deviceb

00:26

pass Keys overall are a good thing um

00:30

because there's so many benefits over

00:32

even like um a password in a password

00:35

manager with top for example um even

00:39

though it's all software based uh pasis

00:41

have a lot of protections like fishing

00:43

protection that's really unbeatable uh

00:45

that sort of thing so for most people it

00:47

is a huge benefit in comparison to uh U

00:50

key you're giving up some theoretical

00:54

security because pass keys that are

00:56

device bound are going to be software

00:57

based and they can potentially be cloned

00:59

that sort of thing um that's kind of

01:00

like their main selling point really is

01:03

that you can sync them with like a

01:04

password manager for example and have

01:06

them on all of your devices it's a lot

01:07

more convenient than a yub key but a yub

01:10

key is really like an

01:12

unclonable device that you always have

01:15

that can never be like stolen or hacked

01:17

unless somebody physically steals it

01:19

from you so there is that added security

01:22

benefit there I think that most people

01:24

are going to be fine either way so I'm

01:26

not going to like tell you that you need

01:27

to be using a UV key and you shouldn't

01:29

use like a password manager or um or

01:32

software pass keys that kind of thing

01:34

but there is uh there is a trade-off and

01:36

you just have to decide if it's worth it

01:38

is what I would say to that do you have

01:39

any other thoughts yeah I guess uh do

01:41

you use any pass keys on your end uh I

01:45

use pass Keys pretty much wherever

01:46

they're supported um I mostly use them

01:50

with my password manager there's just a

01:52

couple accounts that I have on Hardware

01:54

keys and of course my password manager

01:56

itself is secured with the hardware key

01:58

but the device limit is one it's also

02:00

just a matter of like I don't want to

02:01

have to find my keychain every time I

02:04

want to log into an account when I'm

02:05

like at home or somewhere else so it's

02:08

it's more convenient for sure and that's

02:09

a trade-off I'm willing to make for a

02:10

lot of accounts Fair yeah kind of the

02:13

assessment I've made on pass keys so far

02:15

is that they're really good to bring the

02:17

Baseline up for the average person but

02:19

if you're someone who's willing to do

02:21

username password plus UB key 2fa that's

02:23

still probably going to be better um and

02:26

so more of my accounts that a lot of the

02:29

accounts I have that support pass Keys

02:30

also support Ubbi Keys as a TFA method

02:33

so I've still been opting more for the

02:35

username password tofa even though it's

02:37

less convenient so I only have I think

02:40

two accounts that use pass keys and the

02:42

reason I do that is because they don't

02:43

actually have a good alternative uh

02:45

specifically one of them is omg. LOL

02:48

which is what I use for my personal site

02:50

um they pretty much have an email login

02:52

workflow and that's their only method

02:53

they don't have a password uh login

02:55

method and it's really inconvenient to

02:58

have to log in and put in an email wait

02:59

for an email verification link click the

03:01

link open it and then I think it auto

03:04

signs you out pretty frequently as well

03:05

so it's much more convenient because

03:07

I've been using proton pass to just add

03:09

the pass key and I think that's what

03:10

they're incentivizing with their

03:12

workflow is to try to get people to use

03:13

pass keys so um yeah definitely

03:16

providers like that it makes a lot of

03:18

sense to use them but can you think of a

03:21

use case why someone would want to just

03:24

migrate everything to pass Keys versus

03:27

just username password if they are using

03:29

a password manager like what's the

03:30

benefit there uh I guess it really

03:33

depends on like your password manager

03:35

experience I think that pass keys are a

03:37

lot easier for people um to like get

03:39

signed into accounts if you have a good

03:41

password manager that'll like Auto

03:42

prompt you every single time on all of

03:44

your devices um because a lot of

03:45

websites that support pass keys they

03:47

will prompt for that pass key right away

03:49

and it'll just you'll just get a popup

03:51

saying like do you want to sign into

03:51

your account and clicking yes is a lot

03:53

easier than like even autofilling

03:55

passwords registering that kind of thing

03:57

a lot of people I think struggle with

04:00

password manager not like within this

04:02

community probably but there's a lot of

04:03

people who like still find it hard to

04:06

like conceptualize keeping track of

04:07

passwords in a password manager and

04:09

having a different password for every

04:10

single account and I think that it's

04:12

easier um for them to just like switch

04:15

to an entirely new system that seems to

04:17

be more seamless it's just a better user

04:20

experience I think so I do like pasis

04:23

for that reason

04:24

nice thanks for watching this techler

04:27

clip this is actually a clipped version

04:29

of a full full length video that talks

04:30

about this topic a lot more thoroughly

04:33

so if you want to check out a lot more

04:34

digital rights content check out the

04:36

main techlore Channel and we'll see you

04:38

over there