What is a passkey - and is it the future of online security? | BBC News
HTML-код
- Опубликовано: 19 сен 2024
- Passkeys are being called the future of how we stay safe online, with major internet businesses hoping this new tech will kill off passwords for good.
The no-password solution uses biometrics or device pins to protect our accounts online using some clever encryption.
Passkeys check who we are - as well as if we have the right code.
It means increasingly that the future of logging in online will require thumbprints, PIN codes and facial ID.
Subscribe here: bit.ly/1rbfUog
For more news, analysis and features visit: www.bbc.com/news
#Passkey #Technology #BBCNews
It’s not just about security vs privacy. It’s also about choice and freedom - what if I WANT to share my password with a trusted spouse or parent in a specific situation? What if a parent WANTS to log in a previously unknown app used by his/her children to monitor their activity?
Locking out and tying down access only a given biometric signature is also limitation on freedom as well.
that way just give themoption to use passkey
@@jeekakrishna Except big tech do NOT give users more options and more choices and more control, they IMPOSE CONTROL onto users whether they like it or not. They fearmonger and use "security" as an excuse to control users and treat everybody like a brain-damaged infant that need to be protected and thus can't be allowed to choose anything for themselves. Look at how Google killed Flash or Apple's walled-garden or Microsoft stripping all user-control from Windows.
They're doing the same thing here, removing all option to CHOOSE to take a risk with "less secure" passwords and FORCING it on everybody. Google already removed the "less secure apps" option, thus preventing any older mail-clients from working and accessing Gmail anymore. 😠 Microsoft is forcing people to switch to Windows 11 and thus forcing them to get new devices with "compatible hardware". Apple forces people to only buy apps through them to take a 30% cut.
You *can* share passkeys.
You can share Passkeys. If you use something like 1Password to store them, you can set to one time use as well
Pass keys 🔑 can be shared and in certain situations time bound ans restricted too
Good god, the amount of comments on here from people wearing tinfoil hats. Clearly don't understand the basics of biometrics and encryption, now wonder IT security jobs are so well paid. 😆
So why don't you explain it then?
@@notjustforhackers4252 Use your brain and google for: how do passkeys work
No, use Google and inform yourself.@@notjustforhackers4252
Not even a whisper about the privacy implications of this technology? Just give us your unique biometric data, what could go wrong? We promise we won't sell it to foreign or even local government, won't use it to track your online behaviour with absolute certainty about who you are, even if you really are a victim of fraud and we promise not to apply weird and nuances laws against you to keep you in line. We need compliant citizens. Thank you and good night.
They did say "like it or not". Does that count? 🤔
Biometric data NEVER leaves your device. It’s more complex than that. A public key is what leaves your device. You have a private key. And the biometric data is what lets you access the private-public key pair. It’s definitely designed to protect your privacy.
@@JS-ow2ct "Biometric data NEVER leaves your device"..... this is not true. Microsoft, Apple and Google have 100% access to your device. The EU and UK are also pushing for CSS ( content side scanning ). A public key is just a string of data, which can be generated from anything... like a password.
Source? @@JS-ow2ct
Biometrics are not required; you can use PIN, password, pattern, or whatever you use to unlock your device or password manager.
just get a yubikey -.-
at least 2, you always need a backup in case that one fails.
Done and done. I got hacked twice. Now I use 2fa, yubi keys, and passkeys.
Nonsense. Everything that is stored /managed digitally can be hacked. Passwords are good if they're well put together and stored only in one's head - and you use completely different pw for different service.
I have very complicated system. I create a password with an app (* digits - also special characters). Then I will add four digit to it which aren't stored anywhere. The same goes with the pw app itself 😂. True I cannot memorize them - like at all - except the four extra digits. So my passwords are very complicated... Not a single meaningful words. Not worth for hacking 😊
Trust some other entity besides youself to keep your password "Safe?"
Yea no thanks.
@@matthewrodriguez7957 Biometric data that any proprietary vendor has access to.... that any nation like the EU or UK can install, or demand to install, content side scanning on. YubiKey ( or alternative ) and passwords on an open source platform is the smart choice.
@@matthewrodriguez7957then you're saying it is impossible to log into things using a public computer at a library and just like how cash is losing and those without bank cards are being dehumanised, so too will be anyone without a personal computer or smart phone.
That's all fine until you don't have your phone with you or it stops working or gets lost or stolen, then you're proper foooked
Even upgrading your phone means you need to reregister because it may be the same number but a different model. Meanwhile, all this data entry could easily be hacked.
Now, "they" want our bio-identity?
Not really, the keys are held in the phone that is backed up to icloud etc. I also back mine up in a password manager that can be accessed from another device, no phone no problem.
@@jacko101 OK. I suppose a few things come to mind. How do you access your icloud etc if you don't know your login details?
Say I lose/break my phone and want to log into my banking account on my laptop, do I need to purchase a new phone first?
There are so many things that could prevent someone from have access to a smartphone with a working wifi connection at any given time.
Also I'd guess 99% of people don't have a password manager.
I appreciate the need for a new system for passwords, but this isn't it.
@@chriser555 If I lost every device I have, and I needed to access my bank with a passkey or any password for that matter. I would log into my free password manager (Bitwarden) using the only password I need to remember (it's long a very complex, over 17 characters). That has all the passkeys and passwords I need.
It's all about managing risk, nothing is risk free, not even password managers or Passkeys. BUT.. the risk if you getting your account hacked by using a reused/bad password is far far greater than using passkeys and/or a password manager. Trust me, I know... it's been my job for over 20 years.
You can actually use a dedicated password manager like 1Password that shares these Passkeys to all of your devices. It is not free, but $3 per month, and already support Passkeys for Passwordless logins.
I am completely against this. I travel a lot, I change my phone number very often and I'm so fed up being locked out of my accounts because they want a SMS verification or want me to confirm via my mobile device. I should have the right to make it password only. I dont got to sketchy sites and havn't had data breaches. Its ridiculous that many sites don't allow this.
This is the good thing with passkeys. Once using passkeys, you don't require a second factor such as sms or an app that generates those 6 digit codes for you. Even better, you don't need to store you passkeys on a phone. There are devices that are like a usb stick that can be used to store the passkeys on - to use them, you can plug them in via usb or use them via nfc. You can simply, attach it to your physical keychain, along with the (physical) key for your car or house. Another advantage of passkeys is: you can and should add multiple keys for a specific account (as a backup). So for example your Google account: you add one passkey that you store on the mentioned usb device and another is stored on your phone (and possibly also synced with the cloud). Sadly data breaches are happening even more and you don't want to trust the companies to take care of your passwords. btw. your passkeys never leave the device, they are just used for signing a challenge which the website sends to your device.
The future. And when they invalidate you on *that* network .... when your name isn't down on *that* list ....
The biometrics are just a string of data, data you cannot change. You can change your passwords.
sandpaper your fingerprints
@@HaHaBIah Wouldn't acid be more effective
Biometrics are not required; you can use a PIN, password, pattern, or whatever you use to unlock your device or password manager.
We’re gonna use both biometrics(who you are) and passwords(what you know). As you mentioned, password can change, but solely on passwords, you cannot protect your device and credentials from shoulder surfing. I think passkey is not passwordless future. But it’s truly better than traditional password.
Using finger prints, eyes and face seems more likely to be comprised. Would be better to use the anus print (rings around) or the wrinkles of the balls. Just stick ones device in their pants and unlock it... Voila. Heck thieves might be less hesitant to grab the phone.
The problem is you set it up on one device and then the next device blocks you out. Like setting up pass key on PlayStation account but then console locks you out. Even lmore frustrating than passwords.
Never doing that.
Wow, there are so many things wrong in this entire piece that I don't even know where to start.
Ok, here goes something. First and foremost, passkeys in the form of hardware keys have been around for at least a decade now, if we're only talking about the tech that is being used in this newer implementation of it. If we consider other forms it's even older than that.
So it's not "the future" of anything, it's an alternative to options that already exist.
The only thing really new here is that it's being integrated into smartphone OSs as a core function, by the OS developers - Google and Apple mostly.
Second, and this is part of an old discussion that already happened back when people were proclaiming biometrics were going to kill passwords - NOTHING will ever "kill passwords", because these alternative methods of authentication are NOT to be seen as replacements for something like passwords, but complimentary or alternatives to it. It's like general press and tech press cannot learn from past mistakes.
The thing people have to understand is that all of those different things - passwords, biometrics, passkeys, ToTP and other things all have different characteristics, different applications, different strong and weak points, different scenarios where they work better or worse. Security is not a monolithic thing, nor a black and white thing, you have different situations, different levels of security, different scenarios, and thus different methods to address the issue.
For this very specific application of passkeys, which is the use of a smartphone to hold the capability to authenticate into accounts, it's fairly obvious what the problem is. What if your phone gets stolen, broken, or is not with you when you need to authenticate into an account in a separate device?
It's obvious even in the door lock analogy given - if you lose your access card, you are SoL. For the keycode lock, it's a problem if you forget the code, but you don't have anything physical to lose there.
There is an intractable and unchangeable fact about passwords which is how you can just store it in your memory. Nothing can ever replace that, ergo all claims of something "killing" passwords are moot. It's the only method of authentication that relies on memory alone, or you writing something on a piece of paper and safely storing it. Almost everything else relies on you having a piece of software in an electronic device. Biometrics don't, but the difference with biometrics is that it's unchangeable. So if anyone finds a method to fool the system into thinking you have matching biometrics, the entire system is done. You cannot replace your fingerprint, your iris, your palm for another in case it gets replicated by someone else. You can replace a password though.
Now, let's talk about the portrayal of using password managers. First of all, it's not that complicated, you don't need all the maneuvering shown in the piece, and not all forms of a type of authentication method can be generalized as the piece makes it seem. I see the guy using a password manager is using two factor authentication with ToTP. That's his particular case, but it does not have to be like that. Broad strokes generalizations don't help here. This is arguably part of the problem for non-adoption - it's not the actual complexity of it, it's how it's portrayed.
But different to passkeys, you can have password managers in multiple devices of different types all synchronized, and they are not only useful for authentication, they are also useful to store all sorts of sensitive information, several of them have the ability to auto complete forms, a few of them have the ToTP part integrated into it, and important to some, some of them can be used offline and the entire data can be put into personal control - meaning you do not depend on proprietary stuff from a business for it to work. Most of those things are stuff a passkey cannot offer.
That is one of the potential big issues with the current idea of passkeys. It is considered very safe and very secure in general, because the underlying technology has been around for a long time and it has been audited several times over the years, but if you are going to use it in your phone, in the end there is some level of trust that you need to put in the phone's implementation of it, security around the function, plus whoever implements that in the phone which will usually be the OS developer - Google in case of Android phones, Apple in case of iPhones. So you are one way or another delegating the security of it to those.
Some security situations and some privacy and security focused people don't like that, they can't just trust big tech companies to do it right, so you need alternatives for that, which usually means passwords or password managers.
So, does this mean that passkeys are bad? No, they are not. Much like several other authentication methods, it's a balancing act. Passkeys are more CONVENIENT than passwords, but it's not a replacement. If it's well implemented following all the security standards that it has to follow, it can be a more convenient widespread way of authentication for the masses.
But all of this depends on the case, and it has, like any other authentication methods, strengths and weaknesses compared to other methods.
By the way, let me add this for people worried about security to consider. This passkey idea is derived from hardware keys that like I already said, have been in the market for well over a decade now. Most popular brand I know of is Yubikey. They launched their first FIDO Alliance compliant USB key in 2014. That compliance is what also guarantees the security of this new smartphone based passkey authentication method.
So, if you don't want to wait for the smartphone based solution, or want a separate device with the same level of security but potentially less convenient, you can buy a hardware key from that company and configure your accounts to be authenticated with that, for the services that allows it's usage of course.
That's also a limitation of passkeys. All the places you have accounts in needs to accept it as a form of authentication, or else you will be forced to rely on whatever they accept. That's another point in the problem of considering it a replacement. It's not only up to you, it's also up to the services and whatnot to accept and implement it's usage or not.
Of course with companies like Google and Apple adopting it natively more businesses will accept it as a form of authentication, but again, hardware keys basically use the same method, it's been around for a decade, and adoption still isn't widespread. It's not only because of some simple choice, but because there are costs involved in implementing and maintaining it.
So there you go. For those who want to be better informed about this, and not only swallow the hype.
can it read through Elastoplast?
How is a PIN (usually 4 or 6 digits) more secure than passwords? 🤔
as far as i understand it, you get a new code on your phone or you have to type the pin on an app in your phone, its the same as 2 factor authentication just less safe since there is no password
God forbid your phone gets stolen or you change your phone number.
The passkeys are backed up online for that exact reason!
I have issues very often with SMS verification, i get locked out of my accounts like 15 times a year minuimun because i travel often and change numbers. Its ridiculous sites dont allow me to disable it, thats my right.
Passkeys are not bound to any phone number. They are stored on your device and can be synced with a cloud service or password/keys manager. Also you don't need to store them on a device like a phone. There are hardware keys that can store them on - those are basically small devices that look like a usb stick and can be attached to your physical keychain along with your other physical car or house keys.
How would sharing accounts work ?
On iPhones or Apple devices in general for example, you can create a shared password group and store your passkey in there. All the people within that group can then use that passkey. This works with a lot of password/keys managers on Windows and Android devices as well
Biometric on the access card
I live in Bangkok, while working for a company in Sukhumvit, I am sure 100% that somebody is controlling my notebook, it is not a feeling. He wanted to know how I worked and what material I searched. If you know how to handle, help answer.
BBC: Make sure you use a wooden developer,
yes boss
Disappointing! So what are passkeys and how to use them etc.?
I'm not sure I'm comfortable with my biometrics being out there either, though.
Passkeys only require user verification, which can be: PIN, face recognition, or fingerprint. If you already use face recognition or fingerprint on your phone, it's no different. If you're that bothered use a PIN
The biometrics are for unlocking the passkey on whatever device it is stored. You're not sharing the biometrics with anyone. And like Jacko says, you can choose other ways of unlocking it.
yeah more faces and finger prints added to the data base!
@@CMC-23 Your biometrics don't leave your device, same as the actual passkey. They both stay on your device. You use your device's biometrics (or pin, padlock or password) to grant permissions to your device, to just use the passkey. The device then signs a challenge sent by the website and sends it back. If the signature can be verified, you will be logged in to the website.
1984
Is it decentralized?
No, it's stored on-device. (And the backups are on Big Tech's servers.)
@@I.____.....__...__ The backups can be in password managers not controlled by Google/Apple/etc. KeePassXC is an offline password manager, and it will have passkey support soon. There are iOS and Android apps that support KeePass databases.
Yes it is. Each passkey is tied to whatever service you're using it for. You don't have to store it in the cloud if you don't want to. You can also use hardware keys if you don't like storing the key on a mobile device. If you store it on a a iPhone or an android, it is backed up to the their servers. But you don't have to use their service, there are many others from providers who up til now have focused on password manager functionality but started to provide storage and syncing of passkeys as well. There are many options and you're not tied down. There are so many options that I understand it may feel daunting at first.
Did the WEF/WHO make this or is it enough just to say the BBC?
Dublin went from one of the safest cities in Europe to one of the most dangerous.
What changed?
🤔
Your mother? 🤷
@@I.____.....__...__ In 2022 a shocking 6,813 rapes were committed by youngsters aged ten to 17 years-of-age! And if that wasn't bad enough, there were 8,020 sex attacks plus 15,534 cases of indecent images of a child relating to the sharing of naked pictures.
How has our once peaceful and safe island home been turned into a place where children are preying upon other children in the most depraved manner?
SOROS moved people in
Hardware encryption keys (ie Yubikeys). No biometrics required. Biometrics are _someone else's_ vision of the future, not Ours.
They're great when you have them, terrible when you lose them. For tech/security enthusiasts, they do the job, but with few services supporting them, and the inconvenience of owning and keeping yet another piece of hardware safe, they'll never see mass adoption. Passkeys also don't require biometrics - they're optional.
Star Wars The Old Republic offers a passkey thing
You know if you lose your phone or it dies nowadays ya screwed
Not really, the keys are held in the phone that is backed up to icloud etc. I also back mine up in a password manager that can be accessed from another device, no phone no problem.
@@jacko101 what happens if I don't want "the cloud", or even an account to log in to the device for that matter?
that's why I run Android but with a custom ROM. I dont need/want cloud anything, smart anything, google anything, voice anything etc. etc.
it has way more downsides than pisitives
@@ent2220 If you don't want "the cloud" don't use it. The key will stay on the device you created it on, but that's not very useful especially if the device is not available. So you can use a USB key with the passkey on that, like a Yubikey.
@@ent2220
That’s frankly just pointless posturing on your part…
@@ent2220 You can add multiple passkeys for a specific account. Or even better: use a (or better 2 - one as a backup) hardware key(s) to store your passkeys on. That way even a virus on your phone cannot compromise your passkeys as they never leave the hardware key.
I don't think giving your password to a third party is secure.
Pa55key
It's not. Soon they will want people to sign in with their DNA. 2FA Authenticator works fine.
Oh.. but your fine giving them a normal password that is then stolen and reused. The exact reason why Passkeys were invented is because your not giving a third party anything insecure. Just the public key, which is useless to a hacker.
@owenmcdonald6479can I use ur wife ?
There are no 3rd party
Uh oh This could turn out sinister They are working their way toward marking us. Adding just a few non letter or number keys, like @ £ $ % ^ & * + etc can make your passcode far stronger.
Pin code or patterns should not be accepted as a means of unlocking the phone as those are inherently weak.
Passkeys also comes with a lot of but and if's so there is a lot to be done there for this passwordless future.
once quantum computers commercialized... any password can be hacked in fraction of seconds
The future of online security is unbiased and fair media. But you know nothing about that, BBC.
All the better to track you, my pretty! 🤨😡
It has NOTHING to do with tracking. Get yourself better informed. Maybe read some of my more complex comment answers posted under this video.
@@omsi-fanmarkoh look an nwo shill
2:21 Until the #BadActors break through the encryption codes or algorithm and we're straight back to square one. 🤷♀️🤨
It's similar to the SSH key-based authentication using a public-/private key pair. SSH key.-based authencation is very safe, used to remotely login and administer computer systems over the Internet. It's being used for many, many years without hacks. Despite of this, the digital keys securing such logins have been upgraded multiple times to make break-ins even more unlikely. You'd need to run a very long brute-force attack and will most likely still fail, even after many years of trying. As always, you need to keep your own systems and data safe. The human factor cannot completely be excluded from any risk, that's never going to change.
Here is my view on this. The more elaborate you make security, the more dangerous it becomes should it be compromised.
Passkeys are based on public key cryptography that has been in use for decades. Passkeys are simply an attempt at making the proven technology easier for the average person to use.
It's not elaborate.. it's just you don't understand it.
Not only that it also makes it less user-friendly / efficient. And of course security also can destroy privacy. No thank you. Especially if some entity is forcing me to be secure, then we have a problem.
The ministry of truth.
It's good, but for the majority of criminals will be locked out the office 😊😊
My passwords are long and secure, I'm IT literate and have my own unique implementation of being safe. I will never use biometrics, especially face, and nor am I interested in using an identity card or whatever else they said in the video. Even phone numbers aren't needed. All you need is 2 email accounts, dependant on eachother with really strong passwords, and good encrpytion
People really need to understand that all these "advanced/smart" solutions you see out there that are so easy to set up are all kind of a scam - you're giving up your privacy, ability to own stuff (so freedom) and who knows what else
@@ent2220 Here's the problem though, most people aren't IT literate. That's what leads people to reusing the same password across multiple accounts, or setting weak passwords, or both. Passkeys present a solution that's even simpler than passwords (with nothing to remember) while also being more secure than passwords (by being immune to phishing attacks and not allowing users to set a weak passkey). There's no scam. Even the most secure password isn't as secure as multi-factor authentication.
BBC english should give the subtitale in english 😢
Been using passkeys for almost a year and noticing more and more services implementing it. Personally, they’re more of a hassle than your phones password manager but far more secure. Almost impenetrable
Passkeys have the right to defend themselves
Too true 😊
I don't like fingerprint code. If you was broken finger, you couldn't use this passkey type.
Always a good idea to register multiple fingerprints when you setup biometrics, from both hands.
You don't have to use fingerprint or face. You can use PIN, password, pattern, or whatever you use to unlock your device or password manager.
@@bigjoegamerI get it, you basically can't be hacked. But the PIN now leaves a threat as alarming as getting hacked: being robbed. All it takes is your PIN in order to steal everything, no?
@@caiopoggers It's security vs convenience, but no amount of security will be enough if a thief has your device and has/knows the correct way to unlock it.
No matter what device you use, if someone steals it *and* can unlock it, you're in trouble.
It doesn't take only your PIN; it takes your PIN and your device.
If you use passkeys, then the hacker needs your device, or access to your password manager if you store the passkeys in an online password manager that isn't locked with a passkey.
Fortunately, password managers are already working on allowing users to log in to the database with passkeys. 1Password and Bitwarden are two password managers with that feature available in public beta tests.
If you lose all your passkeys, you can use the recovery code you wrote down to get access to your password manager.
@@caiopoggers well, at least remote phishing could be reduced. if your physical device that store login info is stolen, then your best move is to remove passkey logon from your account as fast as possible.
Passwords may not be ideal, but biometrics data is worse and it's huge violation of personal privacy. Sadly, so many people are foolish enough to willfully give theirs up.
People misunderstand the part of biometrics. And I agree that this woudl be worse. However, the biometric data NEVER leaves your device and is only there as a second factor of verification and is not even neccessarily biometrics data. A pin, padlock, or a password can be used as well, whatever you prefer to unlock your phone.
So when a website is trying to log you in using a passkey, you have to tell your phone that it is really you (this is just to prevent someone from stealing your phone out of your hands, while it is unlocked, and then trying to use your passkeys). It's the same as unlocking your phone an one more time, just for the passkey usage.
Also, each passkey is uniquely created, that way websites cannot track who you are as they could do it you would only have one passkey for every website. Even if you add multiple passkeys to the same account on a website, they will still be different keys.
I hope that can clarify it a bit more
2 minutex 35 second wasted time!
Big brother wants you to accept your digital passport!! Hahagaga!!
Passkeys have nothing to do with digital passports. Like a password, a passkey is a piece of information shared only between you an the online service you are using. But it is unique to one service (that one it was created for) and is much more complex. As it is an automatically generated, digital key specific to one website-to-client connection, it will never be used elsewhere. If you sign up to another digital service, a new passkey will be used for that service, while the first one remains untouched. The one from the first service cannot be used for the second and vice versa. The only thing you need to do is protect the digital key from data theft. But you cannot steal a passkey like a password in the form of plain text, so phising scam has no chance. Any digital service has to identify itself to your browser or device with their public key before your browser or device will send its authentication data. As for safekeeping the informatioon, passkeys are stored either in a device-specific, protected data store (for example, you'll need to unlock your phone with your PIN before you can use it), or in an encrypted password database on your PC protected by a strong master password that protects the entire data file and is used nowhere else. (KeePass-XC is a free, open-source software I use for password and passkey management. It works locally, no cloud integration. You may however backup it's data or organize your own key data synchronization if you want to. All data is encrypted into a .kdbx file.)
They'll tie passwords to a smartphone and you'll have to buy the latest updated, locked down pocket computer that you don't truly own to do basic things online.
Passkeys are an open authentication standard. The Passkeys themselves are not locked to any single device you own and can easily be exchanged between your devices.
@@Irricas How about I don't want them? I don't need biometrics or even a phone number for "security" purposes.
@@ent2220 You don't need biometrics or a phone number for passkeys. A PIN, Password or Screen Pattern are fine too. All you use them for is to prove you have permission to access the passkeys stored on a device and then use those passkeys to authenticate your login.
@@ent2220 Use the PIN option then
@@ent2220 Then don't use them, it's your choice. But it's often safer to use multiple factors of security as opposed to just a password for instance.
Nah no way
YT was reading my feedback to Microsoft on my password, then sent me this video after only watching 3 videos not related to this. Okay, so I clicked on this video now. What happens next? They'll feed me another 'related' video? So many accessibility options that you turn on your phone, can have hidden details that you wouldn't normally guess would be happening. This gets to a point where I ask, do i care anymore? And that is the point they want you to be at.
Living in Bangkok, a chance of being hacked is 200% sure. It is not like Germany, privacy life stolen by hacker is certain. These hackers are foreigners are expert in IT. Don’t expect that cyber polices will take any action.
My sincere thanks for sharing it.
🎉🎉
Interesting story😊
It's all about total control of what you read
It's about total control of a control of a control. 😂
Most of us are happy with passwords.
And yet they cause a lot of security issues for the casual user because while the best passwords are unique, strong, and new, few people actually follow these best practices. They use the same weak passwords across multiple accounts which makes it easier for people to suffer fraud or data theft. Passwords are inherently prone to user error so passkeys alleviate this burden on users by being secure and easy to use by default.
Biometrics is a big no no in gdpr regulation. As far is this is not used its probably ok unless eu says otherwise.
It doesn't have to use biometrics. You can use a passkey with PIN, password, security key, pattern, etc.
I can't use a smartphone because it's too small for my eyes and my coordination is getting worse. I'm on an old tablet. Then again, I have nothing much to steal.
You don't need to use a phone or any other device. There are actual hardware keys (devices that look like a usb stick but are made for exactly that purpose of authentication). You have the ability to store and use passkeys on and from that hardware key by plugging it in via usb or (if enabled) tapping it via nfc. This is an even better and more secure way as even a virus on your phone has no way of stealing your passkey when it is stored on such a device.
Even if you have not much to steal, you deserve to be safe online as the online world can be a scary place if data comes into the wrong hands.
You should be ashamed of yourselves, BBC. Since when do you offer free advertising to scammers? 😢 I expect a retraction and an apology for this poor attempt at journalism.
How exactly did they advertise to scammers?
This is wonderful.
I can't remember the passwords. I was hacked from Samsung with no choice yes or yes, to choose 1 ad or the other; couldn't get out of it. Couldn't remember password. Had to buy new phone.
@@velmamasi4305 another good thing is that passkeys are bound to the service, you signed up. For example: if you sign up on google using passkeys, the passkey created for google will only work on the real google site. If someone creates a fake google site, to try and trick you into logging in and revealing your details, your device will simply say: "no passkeys found for that page" because it will do a deeper check. Where as with using a password, it would be really hard to differentiate the fake google site from the real one.
I mean ...they already have everyones biometrics nothing new really.
You don't have to use biometrics. With passkeys, you can use PIN, password, pattern, or whatever you use that unlocks your device or password manager.
Future, top down bottom up middle out. Funny viewing problem making solution in its own escape attempt.
Nope ❌ Nope ❌ Nope ❌ Nope ❌ Nope ❌ Nope ❌ Nope ❌ Nope ❌
TERRIBLE idea. Once they figure out how to "spoof" the passkeys? We're ALL fucked. Now, I have dozens of passwords, so if hackers manage to find one, they don't have ALL OF THEM. If they spoof my passkey, they have access to EVERYTHING I have access to... banks, investments, social media... everything.
Absolutely not. You don't create one passkey for everything. You create multiple passkeys, as you do passwords, one for each service/account you want to access.
This brings to mind George Orwell and 1984 yet again and should be opposed as this is just another method of controlling your freedom.
And then the next will be 'passshit'.
It will just make everything more expensive.
These gimmicks always do.
No.
No to devil.
One can open without a password, so will be able without finger touch or face.
It is so there will be no more privacy at all - The governments and big tech knows where you are at all times, what goods you are purchasing, and what apps and digital content you consume
The working class and middle class will never be able to rise upa against injustice ever again
i have so many accounts that i have to list them all in an excel sheet.
Highly recommended. Especially FB, PayPal, Amazon Apple ID, Google etc. Make it difficult for the fraudsters.
It's all about control wake up
@@Roland_Tr909_SwingNo, it's not. It is a safe alternative to passwords, whuch can easily be stolen (password scam fraud). Get yourself better informed. Maybe read some of my more complex comment answers posted under this video.
@@Roland_Tr909_Swing I think you 're the one snoozing.
AssKisss
Get AI that biometric data and see how your cookies crumble
So in other words they're forcing you to own a smartphone even if you don't want to?
no, you can use your computer for it too of course
how would you log into a website in the first place without a computer
@@meowoasdgjoiagjoi Hey it's up to you but you should only really comment when you don't make yourself look like an idiot.
@@Progressive_Canadian Nothing about passkeys forces you to own a smartphone. You can create, store, and access them using another device like a PC if you prefer not to use a phone. What makes you think it forces you to own a phone?
@@alanharper23 If you own a desktop computer such as a mac or pc what else are you going to use as a key other than a smart phone?
@@Progressive_Canadian you can create, store, and use passkeys all on your desktop computer. A second device isn’t required.
1984