An oversimplified explanations of Passkeys

By +Warwagon
in Essential Guides

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

passkey.jpg.063550633927c1f21283cb15e02377ab.jpg

Imagine one of those heart necklaces that breaks into two matching pieces. One person keeps one half, and the other person keeps the other half.

With passkeys, the website has one half, and you have the other half.

If the website gets hacked and someone steals its half, that stolen piece is useless by itself. It cannot unlock your account without your matching half. This particular heart necklace is one of a kind, there is only one in existence.

Your half of the necklace has to be stored somewhere.

It might be stored on your phone, tablet, computer, security key, or a password manager that can sync it between all your devices.

A security key is a small physical device that you keep with you, kind of like a house key, car key, or flash drive.

I would not usually recommend a security key as the first option for the average person. For most people, it is easier to use their phone, computer, or a password manager that can sync passkeys between their devices.

A security key is more like a spare key you keep in a safe place, just in case you lose access to your other devices or your password manager.

Some security keys plug into your computer. Some plug into your phone or tablet and some get tapped against your device.

The idea is simple: a security key can hold another passkey for the same website.

Think of it like creating a second one-of-a-kind heart necklace for the same account. One necklace could be paired with your password manager, while another necklace could be paired with your security key.

That means the website has more than one matching half on file. One half matches the passkey in your password manager. Another half matches the passkey stored on your security key.

So, if you lose access to your phone, computer, or password manager, you would still be able to log in using the passkey stored on your security key.

Think of it like keeping an extra special necklace piece on a tiny keychain, stored somewhere safe. The website still has the matching half for that security key, but your half is safely stored inside the little key.

A passkey does not automatically exist on every device you own. It lives wherever you save it.

If your half is stored on one device, then that device is the one that has the matching piece.

For example, if you create the passkey on your Windows computer and it is only saved to that computer, your iPhone does not automatically have that same half. If you create it on your iPhone and it only stays on that iPhone, your Android phone does not automatically have it either.

That is where password managers come in.

A password manager can act like a protected jewelry box for your passkeys. Instead of your half of the necklace being locked to only one device, the password manager can securely sync that half to your other approved devices.

For example, Apple Passwords and iCloud Keychain can sync passkeys between your Apple devices. Google Password Manager can sync passkeys with your Google account.

But password managers such as 1Password and Bitwarden can sync passkeys between everything, your phones, tablets and computers.

Now, you might ask: “What happens if I lose access to the device that has my passkey?”

That depends on where your passkey was saved and what recovery options the website gives you.

If your passkey was synced through a password manager, you may be able to sign in from another device that has access to that same password manager. For example, if your passkey is saved in iCloud Keychain, Google Password Manager, 1Password, or Bitwarden, another approved device may still have access to it.

If your passkey was saved only on one phone, computer, or security key, and you lose that device, then you may not have your half of the necklace anymore.

In that case, you would usually need to use the website’s backup login or account recovery options.

A lot of websites that support passkeys still let you fall back to your regular password. So if you lose access to your passkey, the site may still let you log in with your password, a code sent to your email, a text message, a recovery code, or some other account recovery process.

That is convenient, but it is also important to understand: if the website still allows password login, then your password still matters.

Passkeys are safer than passwords, but if your account still has a password as a backup, you should still use a strong, unique password and turn on two-factor authentication if the website offers it.

This is why it is a good idea to have more than one safe way back into important accounts. For example, you might keep your passkey in a syncing password manager, add a second trusted device, save recovery codes somewhere safe, or set up a backup security key.

A passkey is very secure, but just like a real key, you need a backup plan in case you lose access to it.

Now, you might ask: “What stops a hacker from copying my half of the necklace?”

That’s the important part: your half is protected. It is not something you type in, and it is not something the website gets to keep.

Think of your half as being locked inside a tiny safe on your phone, computer, security key, or password manager. That safe only opens when you approve it with your fingerprint, face, PIN, or device password.

When you log in, the website does not need to see your half. It only needs proof that your half matches its half.

Your actual half is not handed over to the website.

This is different from a password. With a password, you type the secret into the website. If you type it into a fake website, the hacker now has it.

With a passkey, you are not typing your secret into the website. Your device is proving you have the matching half without giving the half away.

That also helps protect you from fake websites. If someone makes a fake login page that looks like the real site, your device can tell it is not the real match. It will not use your passkey there.

Now, could someone use your passkey if they stole your device, got into your password manager, or somehow unlocked the safe that holds your half? Yes, that is why your device password, PIN, fingerprint, face unlock, and password manager security still matter.

But a hacker cannot just steal your passkey from the website or trick you into typing it into a fake page like they can with a password.

That is why passkeys are safer than passwords. The two matching pieces have to come together, like two lovebirds who were once separated and are finally reunited.

  • goretsky, +virtorio, +InsaneNutter and 1 other
  • Like 4
  • +Warwagon changed the title to An oversimplified explanations of Passkeys

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft releases PowerToys v0.100.1, fixes a bug that made remapped keys misbehave

      By Ivan Jenic · Posted

      Microsoft releases PowerToys v0.100.1, fixes a bug that made remapped keys misbehave by Ivan Jenic Microsoft just released PowerToys v0.100.1, a patch update that addresses several stability and behavior issues found in v0.100.0. The v0.100.0 patch was a significant update for PowerToys, as it introduced all sorts of new features and additions, such as a rebuilt Shortcut Guide, a Command Palette Extension Gallery, webcam overlay support in ZoomIt, and more. However, the v0.100.0 version also introduced some bugs and stability issues. And now, Microsoft is addressing these issues in the new patch. The most impactful fix in this release perhaps is in Keyboard Manager, where remapped modifier keys were being delivered as system-key events, causing unexpected behavior in apps. The clearest example of this was Alt-to-Backspace remaps, deleting whole words instead of a single character. So, if you thought there was an issue with your keyboard, Microsoft just confirmed that it was PowerToys. Beyond the Keyboard Manager fix, v0.100.1 also addresses several other issues. It fixes a bug with Power Display that was preventing monitors from waking from standby correctly. Additionally, the new update patches Quick Access crashes on launch, and resolves a Shortcut Guide crash that occurred when switching between sidebar sections. Here’s the full changelog: Color Picker Fixed a bug where the main Color Picker window could appear inside the zoomed-in picker view Command Palette Fixed Run history initialization in AOT builds Fixed a bug where the Performance Monitor dock item could show ??? after restart Fixed the Hibernate command using the Sleep icon Limited the "pin to dock" dialog to displays where the dock is enabled Keyboard Manager Fixed modifier keys remapped to non-modifier keys being delivered as system-key events, which caused unexpected behavior in apps such as Alt-to-Backspace deleting whole words Power Display Fixed a bug where selecting On in the monitor power-state control did not wake a monitor from standby Fixed built-in display detection and brightness control on dual-GPU laptops where the internal panel is driven by the discrete GPU PowerToys Run Fixed VS Code Workspaces discovery after VS Code moved recently opened workspace data to shared storage Quick Access Fixed Quick Access flyout crashes caused by unhandled XAML exceptions during launch or page navigation Shortcut Guide Fixed a crash when navigating between Shortcut Guide sidebar sections Fixed number-key rendering in shortcut manifests and added a Postman shortcut manifest Updated bundled shortcut manifests to use the literal number-key token so number keys render correctly across apps ZoomIt Fixed a race condition in audio initialization for ZoomIt video recording You can download PowerToys v0.100.1 from the official GitHub releases page.
    • OBS Studio 32.2.0 Beta 2

      By Copernic · Posted

      OBS Studio 32.2.0 Beta 2 by Razvan Serea OBS Studio is software designed for capturing, compositing, encoding, recording, and streaming video content, efficiently. It is the re-write of the widely used Open Broadcaster Software, to allow even more features and multi-platform support. OBS Studio supports multiple sources, including media files, games, web pages, application windows, webcams, your desktop, microphone and more. OBS Studio Features: High performance real time video/audio capturing and mixing, with unlimited scenes you can switch between seamlessly via custom transitions. Live streaming to Twitch, YouTube, Periscope, Mixer, GoodGame, DailyMotion, Hitbox, VK and any other RTMP server Filters for video sources such as image masking, color correction, chroma/color keying, and more. x264, H.264 and AAC for your live streams and video recordings Intel Quick Sync Video (QSV) and NVIDIA NVENC support Intuitive audio mixer with per-source filters such as noise gate, noise suppression, and gain. Take full control with VST plugin support. GPU-based game capture for high performance game streaming Unlimited number of scenes and sources Number of different and customizable transitions for when you switch between scenes Hotkeys for almost any action such as start or stop your stream or recording, push-to-talk, fast mute of any audio source, show or hide any video source, switch between scenes,and much more Live preview of any changes on your scenes and sources using Studio Mode before pushing them to your stream where your viewers will see those changes DirectShow capture device support (webcams, capture cards, etc) Powerful and easy to use configuration options. Add new Sources, duplicate existing ones, and adjust their properties effortlessly. Streamlined Settings panel for quickly configuring your broadcasts and recordings. Switch between different profiles with ease. Light and dark themes available to fit your environment. …and many other features. For free. At all. OBS Studio 32.2.0 Beta 2 changelog: Beta 2 Changes Fixed a CI deployment issue. There are no application changes since Beta 1. 32.2 New Features Replaced add source dropdown with new dialog [Warchamp7] Improved FPS selector UX [jcm93] Added missing file support for filters [exeldro] Added ability for plugins to set custom icons for new source types [cg2121] Included .webp files when adding a directory to Image Slide Show source [TarunCore] Added copy paste functions to frontend API [exeldro] Added filter to compose SDR into HDR [jpark37] Added delete as a hotkey to delete sources on macOS [PatTheMav] Added dynamic bitrate support to multitrack video [lexano-ivs] 32.2 Changes Forced Intel-based installations to update to Apple Silicon version on macOS [PatTheMav] This change means that OBS Studio versions built for Intel-based Macs but running on Apple Silicon Macs will automatically update to OBS Studio built for Apple Silicon Macs. If an installation was using third-party plugins, those plugins will no longer load until replaced with Apple Silicon versions. Fixed audio mixer state getting out of sync when changing settings via websockets or plugins [Warchamp7] Added theming for checked QToolButtons [glikely] Improved OpenGL performance slightly on low-end machines [kkartaltepe] Set minimum size for color source to 1 pixel [exeldro] Added minimum width to spinboxes [Warchamp7] Disallowed overwriting the crash handler [sebastian-s-beckmann] Applied process mitigation policies for Windows [notr1ch] Adjusted description of multitrack video [jhnbwrs] Changed new capture devices to use fallback frame rate by default [PatTheMav] Improved DLL loading behavior on Windows [notr1ch] Limited multitrack video config to Custom service [PatTheMav] 32.2 Bug Fixes Fixed OAuth and dock state save corruption [PatTheMav] Fixed group bounds not resizing when removing items [howellrl] Fixed canvas mixes not being restored after video reset [dsaedtler] Fixed some erroneous crashes during shutdown [Warchamp7] Fixed display capture sometimes capturing black after a duplicator failure [ThrowTop] Fixed color of controls dock output buttons in System theme [shiina424] Fixed virtual camera reset failures [stephematician] Fixed potential crash when user discards changes in the settings window [suogesi] Fixed incorrect return value in virtualcam filter [xtfo] Fixed source toolbar buttons not working after dragging a source into a group [Warchamp7] Fixed properties hint icon spacing [Warchamp7] Fixed potential crash when a video device reconnects on macOS [jcm93] Fixed an issue where PipeWire could fail on NVIDIA GPUs [hoshinolina] Fixed obs_canvas_get_video_info returning incorrect framerate [dsaedtler] 32.2 Deprecations Deprecated obs_properties_add_button [sebastian-s-beckmann] Download: OBS Studio 32.2.0 Beta 2 | Portable | ARM64 | ~200.0 MB (Open Source) View: OBS Studio Homepage | Other Operating Systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Microsoft is building an AI datacenter that "uses less water than a fast food restaurant"

      By Slugsie · Posted

      Is a fast food restaurant a good metric to compare against?
    • Grand Theft Auto VI pricing revealed alongside Ultimate Edition and pre-loading details

      By LoneWolfSL · Posted

      Grand Theft Auto VI pricing revealed alongside Ultimate Edition and pre-loading details by Pulasthi Ariyasinghe Last week, Rockstar revealed Grand Theft Auto VI pre-orders will be starting soon, and just a day ahead of that, now the studio has announced the official pricing for the highly anticipated game. This has been a hotly debated topic among fans and industry veterans for a long time, considering the game is expected to be the biggest entertainment product launch ever. The confirmed pricing for the Grand Theft Auto VI standard edition is $79.99, which Rockstar says gives access to the "single-player experience set in the biggest, most immersive evolution of the series yet." This follows what most of our readers thought would happen with the pricing too. At the same time, a $99.99 Grand Theft Auto VI: Ultimate Edition has been confirmed as well, which lands with "an exclusive collection of premium vehicles, weapons, apparel, and action threaded across all aspects of Jason and Lucia’s story." Pre-ordering will also give fans extra bonuses, including a Vintage Vice City Pack of cosmetic items as well as a free month of GTA+. Head to the official website of the game here to check out all the cosmetic rewards the Ultimate Edition and pre-orders bring. Interestingly, the studio does not mention Grand Theft Auto VI multiplayer at all in today's announcement. Perhaps this will arrive later, following the campaign launch, or the studio is keeping that reveal for a later date. Digital pre-orders for Grand Theft Auto VI will begin on June 25, 2026, at midnight local time across regions for Xbox Series X|S and PlayStation 5. The title is slated to launch on November 19 on those same platforms. Pre-loading for Grand Theft Auto VI will kick off on November 12, giving players a week to get the game ready on their consoles. As for the physical edition, Take-Two has confirmed that this will be available without a disc, with the box only containing a download code inside. This will be purchasable starting November 12, giving players who take this route time to pre-load the title as well.
    • Politically funny images of the World

      By +Edouard · Posted

  • Recent Achievements

    • One Year In
      OHI Accounting earned a badge
      One Year In
    • First Post
      Almohandis earned a badge
      First Post
    • Rookie
      DaviKar went up a rank
      Rookie
    • Dedicated
      HidekoYamamoto94 earned a badge
      Dedicated
    • One Month Later
      timbobit earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      474
    2. 2
      +Edouard
      172
    3. 3
      PsYcHoKiLLa
      122
    4. 4
      Michael Scrip
      83
    5. 5
      Xenon
      72
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!