Passkeys: Four Problems with the Supposedly Simple Password Replacement

Passkeys, designed to be a more secure and user-friendly alternative to passwords, face several challenges in their implementation.

While passkeys offer enhanced security by using device-based biometric authentication, inconsistencies arise across different platforms and browsers. For example, logging into a website like PayPal with a passkey varies depending on whether you're using Windows, iOS, or even different browsers on Android. Android developers face particular challenges in ensuring consistent passkey functionality.

Another issue is the browser-specific nature of passkeys. Creating a passkey in one browser may not guarantee its seamless use in another. While password managers like 1Password attempt to bridge this gap, complexities persist. For instance, a passkey created in Firefox might still be registered as Firefox-specific, even if it functions across other browsers via the password manager.
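One way a site can avoid labelling a passkey by the browser it was created in is to read the provider identifier (AAGUID) from the WebAuthn registration data and name the passkey after that. The sketch below is an added example, not code from the article or from any site it mentions; the AAGUID values, provider names, function names and sample data are constructed placeholders.

```python
import hashlib
import struct
import uuid

# Constructed AAGUID -> display name table (placeholders, not real provider AAGUIDs).
KNOWN_PROVIDERS = {
    uuid.UUID("11111111-1111-1111-1111-111111111111"): "Example Password Manager",
    uuid.UUID("22222222-2222-2222-2222-222222222222"): "Example Platform Keychain",
}
FLAG_BE = 0x08  # backup eligible: credential can sync across devices
FLAG_AT = 0x40  # attested credential data (AAGUID, credential ID, key) present


def parse_registration(auth_data: bytes):
    """Return (aaguid, backup_eligible) from WebAuthn registration authenticator data."""
    # Layout: rpIdHash(32) | flags(1) | signCount(4) | AAGUID(16) | credIdLen(2) | credId | key
    if len(auth_data) < 37:
        raise ValueError("shorter than the 37-byte fixed header")
    flags = auth_data[32]
    if not flags & FLAG_AT:
        raise ValueError("AT flag clear: no attested credential data")
    if len(auth_data) < 55:
        raise ValueError("attested credential data truncated")
    aaguid = uuid.UUID(bytes=auth_data[37:53])
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past the end of the data")
    return aaguid, bool(flags & FLAG_BE)


def passkey_label(auth_data: bytes, browser: str) -> str:
    """Name the passkey after its provider; fall back to the browser only if unknown."""
    aaguid, synced = parse_registration(auth_data)
    # An unlisted or all-zero AAGUID tells us nothing, so say where it was created.
    name = KNOWN_PROVIDERS.get(aaguid, f"Passkey created in {browser}")
    return name + (" (synced)" if synced else "")


def sample_auth_data(aaguid: uuid.UUID) -> bytes:
    """Constructed registration data for example.com with UP|UV|BE|BS|AT flags set."""
    header = hashlib.sha256(b"example.com").digest() + bytes([0x5D]) + struct.pack(">I", 0)
    cred_id = bytes(range(16))
    # b"\xa0" stands in for the COSE public key, which this example does not parse.
    return header + aaguid.bytes + struct.pack(">H", len(cred_id)) + cred_id + b"\xa0"


if __name__ == "__main__":
    pm = uuid.UUID("11111111-1111-1111-1111-111111111111")
    print(passkey_label(sample_auth_data(pm), "Firefox"))
    print(passkey_label(sample_auth_data(uuid.UUID(int=0)), "Firefox"))
```

Unless the site also verifies attestation, the AAGUID is self-reported, so it is suitable for a display label but not for access decisions.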

Furthermore, tech giants like Google and Apple often prioritize their own passkey management systems. Users might be steered towards iCloud Keychain or Google Password Manager, even if they prefer alternative solutions. This can create confusion and disrupt the user experience.

Finally, despite the goal of eliminating passwords, most services still require users to create a password alongside their passkey. This undercuts the security benefit, because the password remains on the account as a weak point that attackers can target. This issue is discussed in articles like 9to5Mac Daily.

These challenges highlight the need for greater standardization and user experience improvements to ensure passkeys achieve their full potential as a secure and convenient authentication method.