We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Passkey confusion
Comments
-
Vitor said:- What happens if your phone is lost or stolen?-
You login with your credentials, satisfy the 2FA with the backup method and regenerate the passkey to store on your new phone.0 -
km1500 said:Vitor said:- What happens if your phone is lost or stolen?-
You login with your credentials, satisfy the 2FA with the backup method and regenerate the passkey to store on your new phone.
I'd like to replace my Bitwarden password access too, but it's not clear yet (at least to me) if that's fully supported.0 -
So how would you regain access to your main Google and Outlook accounts if for some reason you no longer had the devices that the passkey was on?
Why would you not have a strong password as back up?0 -
km1500 said:So how would you regain access to your main Google and Outlook accounts if for some reason you no longer had the devices that the passkey was on?km1500 said:Why would you not have a strong password as back up?
Passwords can be copied as you enter them into your device, eyeball, camera, key logging malware.1 -
Even in a “passwordless” scenario, Google expects you to have at least one alternative way of proving who you are. If you haven’t set up any recovery options (such as a recovery email or phone number), account recovery can become very difficult or even impossible. That’s why Google strongly recommends setting up a recovery email and phone number, even if you’re using passkeys.
If you’re especially concerned about security, avoid syncing passkeys through cloud services like Apple iCloud Keychain, Google Password Manager or BitLocker and instead use a FIDO-compliant hardware key (such as a YubiKey). This way, the passkey remains securely stored on the hardware key and never leaves the device’s secure enclave.
2 -
Vitor said:Even in a “passwordless” scenario, Google expects you to have at least one alternative way of proving who you are. If you really haven’t set up any recovery options, account recovery can become very difficult or even impossible, that’s why Google strongly recommends setting up a recovery email and phone, even if you’re using passkeys.
You'd hope that the other email providers encourage/insist on same.
0
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards