The announcement post from Fastmail does a good job at listing the advantages of Passkeys over passwords: replay resistant, database-leak resistant and fishing proof.
- database-leak resistant: if i'm understanding this correctly, this means a leaked database on the Fastmail side wouldn't compromise your Fastmail account? It's hard for me to imagine a situation where a compromise is serious enough that passwords are leaked, but nothing else?
- phishing proof: don't password managers already do this?
Re replay: No, because once someone has your password they can replay it as many times as they want. If you use your passkey on a compromised computer, the intercepted credentials can’t be reused.
Re DB leak: No, you the concern is reused passwords (or similar passwords) from a different site.
Re phishing: Yes, but one of the FUDs against passkeys is that they lock you in to a vendor. There is no more lockin than if store your passwords in a manager.
Do you manually check every site's SSL certificate before connecting? If not, how can you be sure there's not a MITM/Replay attack ongoing right now?
Very commonly user databases are the one being accessed for some reason, resulting in user data + salted passwords released.
How so? I can social engineer an employee to give me the password for a site they have in the password manager. I can't make them give me the passkey because they can't do that. It's not something you can paste in a chat.
From a security perspective, not being able “paste into chat” is a fundamental feature of passkeys. The whole point is to prevent a static secret which can easily be copied by an attacker, memorized, phished, or re-used across sites.
They sort of solve all these problems with a simpler implementation. But the disadvantage of passkeys is that you are dependent on a tech implementation ecosystem to use them, such as your phone, cloud keychain, etc. In practice, for a lot of people, that will mean tighter dependence on the smartphone, which is rather asinine as people should have the freedom to choose life without a big tech company providing for their needs.
Password managers such as Bitwarden and KeepassXC support creating and using Passkeys for accounts.
Presumably, you are already using a password manager at this point. Memorizing dozens of account passwords is not suitable for maintaining strong passwords.
Also, passwords still exist as a fall back if you need it, such as a situation you don’t have your device available. And not all accounts have to use passkeys.
Passkeys are effectively like ssh keys. Do ssh keys “lock you down” to specific devices? Sure they absolutely do unless you generate more keys or have some key management/sync workflow.
Password managers are phishing resistant. The browser plugin will not offer to autocomplete passwords on an identical-looking punycode domain.
A sufficiently long, randomly generated password is also database-leak resistant. Good luck brute-forcing a 128-bit random string, hashed with scrypt or whatever.
So the only significant advantage is replay resistance. Which might or might not be a big deal, but let's not overplay the advantages.
> Password managers are phishing resistant. The browser plugin will not offer to autocomplete passwords on an identical-looking punycode domain.
True … but the reaction to this by the vast majority of users is to go "stupid password manager autofill not working again", and copy and paste their password out of the pw manager and paste it straight into the phishing site…
Well, IME this tends to happen on "let's be super secure and disable or otherwise break the login fields" sites, so I'm not sure these people will bother implementing actually useful security measures.
The phishing resistance isn't that straightforward in practice. It requires using browser extensions, which some people avoid for understandable reasons (poor security track record compared to everything else about password managers, and some of them just aren't very good). Many services use multiple domains (my bank has a .com, a .org, and several third-party vendor domains where you might be expected to enter your credentials), so many people who don't know how to update their password manager entries are probably in the habit of manually copying info into places where it doesn't autofill. And speaking of places where it doesn't autofill, the vast majority of mobile app developers seem to be unaware of things like autofill hints for login fields and apple-app-site-association.
The “database leak” argument is wider, though. It applies to password reuse (or systematic generation) and a leak from another site - which, may be stored in plaintext, or otherwise has a compromised login procedure that leaks passwords regardless of how it’s stored for validation.
You could say - and rightly so - that a person who reuses passwords invited whatever pwnage they get. But these people walk among us, do not use a password manager (often because not tech savvy enough), and passkeys are usable for those people.
Are password managers resistant to social engineering? You can copy & paste a password to a "support chat" from the manager. You can't do that with a passkey.
The password is only resistant if the one storing it is following best practices, which are NOT enforced and you really can't check for from the outside.
Well if we're talking about social engineering, I don't think it will be difficult to convince the support guy at most companies to disable passkeys on the target account altogether. :(
If you can engineer "the support guy" then you can do a lot more than disable one passkey.
I'm talking about engineering on the other side, the person who has the password and uses it to log in. You can't social engineer Miriam from Accounting to give their passkey, you can do it with a password.
- replay resistant: doesn't ssl already ensure this?
- database-leak resistant: if i'm understanding this correctly, this means a leaked database on the Fastmail side wouldn't compromise your Fastmail account? It's hard for me to imagine a situation where a compromise is serious enough that passwords are leaked, but nothing else?
- phishing proof: don't password managers already do this?