49
submitted 1 day ago by [email protected] to c/[email protected]

Google warns “passwords are not only painful to maintain, but are also more prone to phishing and often leaked through data breaches.” And that’s the real issue. “It’s important to use tools that automatically secure your account and protect you from scams,” Google tells users, and that means upgrading account security now.

Google says “we want to move beyond passwords altogether, while keeping sign-ins as easy as possible.” That includes social sign ins, but mainly it means passkeys. “Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required.”

This is just one of their excuses, to keep their users inside google's walled-garden

you are viewing a single comment's thread
view the rest of the comments
[-] [email protected] 6 points 1 day ago

I tried enabling a passkey on one of my Google accounts but couldn't wrap my brain around it. It felt like if I lost my phone I'd be screwed.

[-] [email protected] 3 points 21 hours ago

Think of a passkey as a specific "device" getting access to a service.

Device is in quotes here since it's really tied to the browser and your session on that browser so if you use multiple accounts or you use incognito mode, you will create a new passkey with each session.

You set up a passkey on each "device" you are using Google and then manage those keys through Google's account security web site, deleting keys as needed.

I'm personally not a fan of passkeys as a replacement for passwords. They provide a second factor but should not be relied upon as the only factor for authentication.

load more comments (1 replies)
this post was submitted on 08 Jun 2025
49 points (91.5% liked)

Privacy

2596 readers
314 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 7 months ago
MODERATORS