what is your opinion on the "new" passkey release of google?

cb474

As far as I understand, they use public-key cryptography, the same as something like PGP or any proper end-to-end encryption protocol.

So basically, they're SSH keys? Except most current implementations don't give you access to the unencrypted private key, from what I understand.

I must admit I plugged the FIDO Alliance article into Kagi's Discuss Document tool after writing these three posts, and it affirmed what you've written. You can blame my lack of reading comprehension or the FIDO Alliance's obtuse method of communication, but either way, your explanation is much better.

One thing Kagi's tool emphasized was passkeys not using shared secrets like TOTP. I think that's a great improvement; public-private keys is a much more breach-resistant method of authentication. As you point out, even if the server is breached, they will only get the public key, not the private key. This also completely defeats credential stuffing attacks. A game-changing improvement over current methods of authentication for most people.

However...hardware security keys supporting FIDO2 U2F offer the exact same benefit and they have wider adoption currently and are more convenient (in my humble opinion). Of course, it won't stay that way. Very few users are going to buy a hardware security key, but modern society demands you have an Android/iOS phone today.

The weak link is the physical device, usually your phone, that stores the private keys and you need to have in your possession to get into your accounts. If someone has access to your phone and unlocks it, because you have a easy to hack pin or biometrics that aren't as hard to defeat as people think, then they have access to your accounts.

Same thing as password managers, which most people should be using. Most people protect their password managers behind biometrics, too, and their 2FA app is usually completely unprotected. This is no worse for most people. As you mentioned, physical attacks are rare anyway.

One thing that's super confusing about the way passkeys have been promoted is the claim that they represent the end of passwords. That's true on the back end. The mode of authentication bettween client and server no longer uses passwords, it uses public-key cryptography which is fundamentally different and just is not a password in any way shape or form. But the end user will still have to unlock their phone or a password manager, to allow it to autheticate your login to a website and that is still a lot like using passwords.

The fact that a lot of coverage focuses on how to use passkeys (using your biometrics to unlock them) and not on how they work exacerbates this confusion.

Also, what do you do if you want to login to an account, on someone else's computer, and you don't have your phone? You now do not have your private keys, so I guess it's impossible to login? That's actually much less convenient than a password, whatever its downsides are. It's all kind of predicated on the idea that people have their phones with them all the time.

I very much agree with this notion, but also have to concede that most people do have their phones with them all the time. The more realistic risk is their phone runs out of battery. But as mentioned previously, Bitwarden and other password managers plan to adopt passkeys. Keepass might do this too. In my opinion, password managers offer the only passkey implementation that should be adopted. Bitwarden can be used anywhere, including the web. You aren't locked into any 'ecosystem'.

I don't remember most of my passwords either, depending on my password manager for that, so the situation is no worse for me. Unfortunately, the only convenient method of logging in on another person's computer is probably going to be carrying your phone around in both scenarios. Or remembering your 40-character randomly generated password. Or if it's an account you see yourself doing that with, not using passkeys.

Edit: Another scenario where the passkey implementation is weaker than traditional passwords is you unlocking your phone in public, then having it stolen. In this scenario, the password manager implementation of passkeys is much better. If you protect your passwords with your 128-bit entropy master password and not biometrics, you're good.

Thank you very much for that explanation. I know I would have struggled for some time to understand the passkey standard properly without it.

So, all in all, my opinion is:

• Passkey standard = good
• Most passkey implementations = bad because they only work within an 'ecosystem'. Most implementations are also proprietary.
• Most people will use the bad passkey implementations unless they know better. Most people will not know better until they experience first-hand why the passkey implementations are bad. Like when I realized Google Authenticator was a bad 2FA implementation because it doesn't give you the secrets, and then had to re-create 15 2FA secrets.

Equal2024 I'm pretty sure Apple's implementation is not done this way, but I'm happy to be corrected.

Pretty much, pass(word|keys) are stored and synced via iCloud keychain encrypted with the iPhone passcode with hardware security modules on Apple backend to stop bruteforce.

Equal2024 Okay, so no remote attestation? Or remote attestation, but not through biometric data? Hmm...

Remote attestation is an optional feature websites can request for higher security, biometric is just the way the local password manager lets you access passkeys. You can use whatever you want, face fingerprint, passcode, smile on camera, or none.

Equal2024 The FIDO alliance thinks OTP codes are insecure:

Subject to phishing.

Equal2024 I don't think passkeys are immune to fatigue attacks, either. Are passkeys not also approval-based..?

Yes, you approve login but since passkeys are phishing resistant, at most you are logging in to the real website or app

Equal2024 You can either have an Android device with a passkey, or an iOS device with a passkey

I don’t think there is a way to export Apple -> Google or viceversa, but you can have multiple passkeys for one account, so you could save one for each plarform

Equal2024 Okay, that sounds really annoying. Hardware security keys are already sounding far better. I don't have to get up, go across the room to get my phone, unlock it, approve the passkey notification, and go back to my computer. I can just pickup my security key and plug it in, then tap it.

Passkeys are not created for techie people that intentionally buy multiple security keys, remember which is tied to which account, have with them when they need to login, never break or lose one. Passkeys are for the general public using insecure password with weak or nonexistent 2FA on their account.

cb474 So the account you're logging into knows your public key and you hold the private key. Only the device holding the private key can autheticate the account and nothing is transmitted that can be comprised (only the public key is transmitted). This means passkeys are not subject to phishing attacks

That’s not what makes them resistant to phishing. Passkeys and security keys are origin bound, they only work on the website they were registered on.

cb474 Also, what do you do if you want to login to an account, on someone else's computer, and you don't have your phone?

Well, if don’t have the phone but can still login, then you can proooobably remember the password, but you really should use random, strong, unique passwords stored in a password manager, for which you need a device for anyway.

Titan_M2

Pretty much, pass(word|keys) are stored and synced via iCloud keychain encrypted with the iPhone passcode with hardware security modules on Apple backend to stop bruteforce.

My comment was related to the iCloud Keychain only able to be used on Apple devices. I would not call my iOS - > GrapheneOS experience a 'seamless transition'. The answer is written as if it only expects you to upgrade your phone to a different phone from the same vendor, when it is also possible you will be upgrading to a different phone from a different vendor. Later on, this is confirmed, but as you explain, it isn't as big an issue because multiple passkeys can be added for one account. You do still have to re-create all the passkeys, so it's still a pain.

Also, they're still proprietary implementations. I still prefer the password manager implementation the most.

Remote attestation is an optional feature websites can request for higher security, biometric is just the way the local password manager lets you access passkeys. You can use whatever you want, face fingerprint, passcode, smile on camera, or none.

Thanks for clearing that up. The way it is written is ambiguous.

Passkeys are not created for techie people that intentionally buy multiple security keys, remember which is tied to which account, have with them when they need to login, never break or lose one. Passkeys are for the general public using insecure password with weak or nonexistent 2FA on their account.

I acknowledge the adoption issue in my other comment. I do have multiple security keys; one as a backup. I use the same keys for every account. I have never had any trouble with them. I even took them overseas without fuss. I don't think the general public would struggle to use security keys; I think the general public will never be convinced to buy them. I'm not saying they are made for everyone to use, but I want to acknowledge the technological superiority of hardware security keys. Namely; none of them are tied to a particular ecosystem and can be used on any device. I'll touch on the convenience factor later on.

I recently saw a news report in my country that covered a company trying to sell pagers to banks and attempting to convince their customers to carry around pagers using a proprietary authentication method that cost twice as much as security keys. The horrible humor in this is they will probably succeed, despite the fact that I know my bank uses Yubikeys for their computers. In fact, I know of a country that has implemented something similar, except for everything - visit the MitID thread: https://discuss.grapheneos.org/d/1520-status-of-mitid-app

I don’t think there is a way to export Apple -> Google or viceversa, but you can have multiple passkeys for one account, so you could save one for each plarform

This solves one of two problems, which is the ecosystem lock-in problem, and by far the bigger issue. It does not solve the issue of accessing/backing up the decrypted secret key. I see the FIDO Alliance intends to get around this by entrusting the cloud service with a copy of your encrypted credential, which is fiiine...but I would really like them to be able to be backed up by the user.

The user should always be in control. I realize anyone who knows anything about security will be the first to point out that the user is the most common cause of compromising their own security, but I don't accept that as a reason to take control away from the user, permanently. It's too easy an excuse for other bad behavior by vendors.

Well, if don’t have the phone but can still login, then you can proooobably remember the password, but you really should use random, strong, unique passwords stored in a password manager, for which you need a device for anyway.

And now I want to touch on the convenience factor of hardware keys. You can carry your hardware key around anywhere! Even, say...your friend's place. You could leave your phone at home, but as long as you bring that key and plug it into their USB-A slot, you can login to your account without your phone without a password. You don't have to worry about charging your hardware security key, either. I'm not planning on giving them up any time soon for passkeys. I will probably be forced to give them up anyway despite their superiority due to lack of adoption.

I'm not saying that hardware security keys are something the general public will be able to handle not losing or is willing to buy. I will say that I've lost my phone twice in the past two years (for a short period of time), but in the five years I've owned my security keys, I haven't lost any of them. I'm not using this anecdote to prove anything except my life priorities, but nonetheless, sticking your keys on a lanyard around your neck will make them quite hard to lose. I've also never broken a security key, but on this subject, I will have to quietly agree with you that the general public cannot be trusted to take care of security keys.

Thanks for your clarifications! I, for one, have found this thread very fruitful. I've changed my opinions at least twice, and I understand more about passkeys than I ever would have searching on my own.

Good question, alexandros !

ISTM it is BOTH; a safer means of "logging in" to a compatible site, AND another mechanism for Google to use to help build (and sell) its history of your online activities.
I'm presently thinking I'll stick with a Keepass data base of very-complex passwords, copied to my various devices; and 2FA via my email account.

BIG THANKS TO Equal2024 cb474 and Titan_M2 for helping to explain/understand this!!!

Yikes! matchboxbananasynergy . I'm hoping that means that the present keepass functionality will add compatibility with the passkey architecture, and not be somehow replaced by it.

cb474 What's to prevent an intermediary website from capturing the challenge, passing it on to the end users, getting the signed response, and then using it to log into the website itself?

See my quote above from the spec, the browser won't use the passkey to sign a challenge at all on a different website.