[Lex Computer & Tech Group/LCTG] Passkey Google Chrome update

Wed Oct 16 22:46:14 PDT 2024

Correct.

Right now 99% of the people who have implemented passkeys have no idea 
where they are or how to manage them, they just know that they work somehow.

That is one of the reasons why it is a good idea to use a single 
platform for the use and implementation of passkeys. Passkeys are still 
in flux regarding the way they are managed because there's no standard 
for sharing passkey information between different products.  If you're 
entirely in an apple ecosystem then you have  coordination, but if you 
want to use even one Windows computer it throws everything out of 
balance because there's no sharing between Windows and Apple.

My preference is to have all passkeys stored in my password manager. 
Unfortunately, my password manager is not under management of only one 
developer or organization.

I use an open source password manager on my desktop platform and on my 
mobile devices and the developer of the desktop app and the developer of 
the mobile app are different, and they have not coordinated in any way 
on how to share and use passkeys.

KeepassXC supports passkeys on Windows, Linux and Mac. The information 
stored in the database however does not coordinate with Android or Apple 
mobile devices. Unlike with BitWarden which develops the desktop app and 
the mobile app, Keepass is too open right now.

If you use bitWarden on your PC and on your phone, you can use passkeys 
and have them all stored inside your BitWarden database rather than 
randomly stored in different places on different devices. Microsoft 
stores passkeys one way and Google does it another way. Right now, the 
best way to collect all of your pass keys in one place so they can be 
easily managed is in a password manager that supports passkeys across 
all hardware devices.  BitWarden is an example of one company that 
provides passKeys across Android, Apple, Windows, Mac, and Linux.

Google is trying to make it easy to use passkeys across Windows and 
Android by having you store all of your password information in their 
browser password manager, which many people don't want to do.

The passkey rollout I thought was going to be clean, but it is not 
turning out to be that way. The password manager that I use on my phone, 
is coded by only one person and that makes it very difficult for his 
customers to count on him to be able to implement passkeys with other 
open source developers that have no connection to him.

Drew

On 10/17/2024 1:13 AM, Rich Moffitt wrote:
> Minor point, but something to keep in mind: you're not so much 
> deleting the passkeys from the lost device as you are invalidating the 
> keys stored on that device for use on a particular service. This also 
> means that if you have passkeys for 5 different web sites on a single 
> device, you may have to invalidate the passkeys on each of the 5 sites 
> independently (unless they all use the same authentication service).
>
>
> On Wed, Oct 16, 2024, 10:04 PM Drew King via LCTG <lctg at lists.toku.us> 
> wrote:
>
>     All,
>
>     Additional info regarding Passkeys:
>
>     This is an article that covers a lot of information and answers a
>     lot of questions about passkeys. One question that was asked this
>     morning at the meeting was what happens if you lose your device
>     that you installed a passkey on. If somebody has your device and
>     they can log into it or unlock it then they have your passkeys.
>     This article covers how to log into your Google account from a
>     computer and delete passkeys that are on your lost or stolen device.
>
>     https://support.google.com/accounts/answer/13548313?hl=en&sjid=13375659196123546943-NA
>     <https://support.google.com/accounts/answer/13548313?hl=en&sjid=13375659196123546943-NA>
>
>
>
>     -- 
>     Drew King
>
>
>
>     <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>     	Virus-free.www.avast.com
>     <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>
>
>     <#m_5783206719160869362_m_-3868915287918397107_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>     ===============================================
>     ::The Lexington Computer and Technology Group Mailing List::
>     Reply goes to sender only; Reply All to send to list.
>     Send to the list: LCTG at lists.toku.us     Message archives:
>     http://lists.toku.us/pipermail/lctg-toku.us/
>     To subscribe: email lctg-subscribe at toku.us To unsubscribe: email
>     lctg-unsubscribe at toku.us
>     Future and Past meeting information: http://LCTG.toku.us
>     <http://LCTG.toku.us>
>     List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>     This message was sent to rich at richmoffitt.org.
>     Set your list options:
>     http://lists.toku.us/options.cgi/lctg-toku.us/rich@richmoffitt.org
>
-- 
Drew King

-- 
This email has been checked for viruses by Avast antivirus software.
www.avast.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20241017/bb443264/attachment.htm>