Leo: Another excellent presentation on passkeys. I am very interested in this process, and you have made it more clear. I hope to see more apps/websites etc offer this option.
Thank you for your time on the subject of passkeys. It seems that sometimes thieves monetise mobile phone theft by shoulder-surfing when someone puts in their phone pin (or similar) and then snatch the phone away. If this happens and therefore the thief has your pin, then when they search the phone for bank apps etc, they can effectively confirm that they are you and gain access. Am I correct? Thanks again.
John Savill did a deep dive on passkeys a couple of months ago. It’s well worth a watch. There’s also a good video where Microsoft and Google guys go through a passkey usage scenario across desktop and mobile. There are also some online demo sites. I started with those. Then I watched and read some stuff before dipping my toes in the water.😊
@@askleonotenboomBitwarden are rolling out passkey access to Bitwarden itself (it’s in beta), though I don’t know how this is supposed to work. For now I’ll stick with my master password until the dust settles!
Hi Leo! I have an old outlook email account that recently I found out that is constantly for some reason is trying to be hacked with several wrong password inputs per day from various countries. I have change my password with a strong random password from a password manager and I have 2FA enabled ( a random 6 digit number every 30 seconds). I’ve also recently enabled a passkey for this account but I have some questions in order to understand more how it works. 1. From the time a passkey is created shouldn’t the sign in process require only a passkey to sign in the account and not require a password after user name input? ( so attempts like this in my case are worthless? ) Instead in my case still requires a password to sign in for some reason 2. When you enable a passkey shouldn’t give priority to this method of singing in and overcome the previous enabled 2FA method with one time 6 digit number? Should I delete the one time 6 digit number 2FA method in order passkey to work for the account as priority? 3. And last as a general advice, should I worry for this account and stop using it or should I continue using it mind free? Thanks a lot in advance!
1. No. A passkey set up on one device - say your computer - is only for that device. If you go to a different device, then you either need to sign in a different way, or set up a passkey for that device. 2. Do not delete 2FA. Passkey may be prioritized, but again it's only on the machine(s) on which you set it up. 2FA continues to protect you on all other devices. 3. With a good strong password and 2FA I would not worry about this account.
I was having the same problem. Login to your account. Go to your info and create a new alias. Make it the primary alias. Go back to your info and change sign in preferences. Disallow for sign in all previously attacked aliases. Now they can only try your account if they get this new primary alias, so keep this one out of the public sphere best you can.
![Chlöe - Shake (Feat. Jeremih) [Official Visualizer]](http://i.ytimg.com/vi/aDs_1ufpfv8/mqdefault.jpg)
✅ Watch next ▶ How Can Passkeys Possibly Be Safe? ▶ ruclips.net/video/EA9mK3nJE1o/видео.html
Thanks, Leo! Always interesting. Good day.
Thank you!
Leo: Another excellent presentation on passkeys. I am very interested in this process, and you have made it more clear. I hope to see more apps/websites etc offer this option.
Excellent review and explanation. Thanks Leo!
Thank you for your time on the subject of passkeys.
It seems that sometimes thieves monetise mobile phone theft by shoulder-surfing when someone puts in their phone pin (or similar) and then snatch the phone away. If this happens and therefore the thief has your pin, then when they search the phone for bank apps etc, they can effectively confirm that they are you and gain access. Am I correct? Thanks again.
It can be overwhelming trying to navigate the difference between passkey and 2fa authenticator apps and password managers.
John Savill did a deep dive on passkeys a couple of months ago. It’s well worth a watch. There’s also a good video where Microsoft and Google guys go through a passkey usage scenario across desktop and mobile.
There are also some online demo sites. I started with those. Then I watched and read some stuff before dipping my toes in the water.😊
I think more websites will have this. I prefer these although a password manager easily helps.
Bitwarden and Proton Vault both remember passkeys.
As does 1Password.
@@askleonotenboomBitwarden are rolling out passkey access to Bitwarden itself (it’s in beta), though I don’t know how this is supposed to work. For now I’ll stick with my master password until the dust settles!
>you only have to identify yourself to your device
ie, type in your passWORD.
Or ID with your face, your fingerprint, your PIN, or whatever technique you've set up with that device.
Hi Leo! I have an old outlook email account that recently I found out that is constantly for some reason is trying to be hacked with several wrong password inputs per day from various countries. I have change my password with a strong random password from a password manager and I have 2FA enabled ( a random 6 digit number every 30 seconds). I’ve also recently enabled a passkey for this account but I have some questions in order to understand more how it works.
1. From the time a passkey is created shouldn’t the sign in process require only a passkey to sign in the account and not require a password after user name input? ( so attempts like this in my case are worthless? ) Instead in my case still requires a password to sign in for some reason
2. When you enable a passkey shouldn’t give priority to this method of singing in and overcome the previous enabled 2FA method with one time 6 digit number? Should I delete the one time 6 digit number 2FA method in order passkey to work for the account as priority?
3. And last as a general advice, should I worry for this account and stop using it or should I continue using it mind free? Thanks a lot in advance!
1. No. A passkey set up on one device - say your computer - is only for that device. If you go to a different device, then you either need to sign in a different way, or set up a passkey for that device.
2. Do not delete 2FA. Passkey may be prioritized, but again it's only on the machine(s) on which you set it up. 2FA continues to protect you on all other devices.
3. With a good strong password and 2FA I would not worry about this account.
@@askleonotenboom thank you very much!
I was having the same problem. Login to your account. Go to your info and create a new alias. Make it the primary alias. Go back to your info and change sign in preferences. Disallow for sign in all previously attacked aliases.
Now they can only try your account if they get this new primary alias, so keep this one out of the public sphere best you can.