That was just an example off the top of my head. And not necessarily. I'd expect the company doesn't store most of the sensitive stuff in plain text. This doesn't say anything about their privacy stance. It's just standard practice.
If someone were capable of breaching Facebook servers, they probably wouldn’t need an individual user’s authentication credentials.

I agree with the rest of your post.
 
I would assume that Facebook encrypts all the data on their servers, so probably not.
They would, but if someone were to breach their servers, their systems and encryption keys may also be compromised.

Passkeys would still be beneficial in this case for users that have reused or weak passwords, as it would protect their other accounts from being accessed.
 
They would, but if someone were to breach their servers, their systems and encryption keys may also be compromised.

Passkeys would still be beneficial in this case for users that have reused or weak passwords, as it would protect their other accounts from being accessed.
That is true. I currently use Bitwarden as my password manager, so I need to look into its passkey support. I know it supports it already but I've never used it.
 
I've spent the last 10 mins trying to figure out how to add my iPhone as a security key. Doesn't look like it's added for my Google account yet? .....

Keeps asking me to insert a physical key...

If I can't figure this out, the normal user won't be able to.

Edit: thanks to @mystery hill 's help - all good (see following posts).
 
Off the back of another topic about thieves gaining access to people’s iCloud accounts by simply having the device passcode, what would a thief be able to do to people’s accounts if they had access to someone’s device and knew that person’s passcode?
 
I've spent the last 10 mins trying to figure out how to add my iPhone as a security key. Doesn't look like it's added for my Google account yet? .....

Keeps asking me to insert a physical key...

If I can't figure this out, the normal user won't be able to.
You’re using the incorrect section.

There’s an option to create a passkey, which is different than the security key two-factor authentication that you have selected - that’s meant for physical keys, like the Yubikey.
 
You’re using the incorrect section.

There’s an option to create a passkey, which is different than the security key two-factor authentication that you have selected - that’s meant for physical keys, like the Yubikey.
Maybe not activated for my personal google account yet?

1683127345200.jpeg


I get this on my phone when trying to access https://accounts.google.com/signinoptions/passkeys :p

Thank you for your help :)
 
You’re using the incorrect section.

There’s an option to create a passkey, which is different than the security key two-factor authentication that you have selected - that’s meant for physical keys, like the Yubikey.
Boom just started working. LOL So either I figured it out or something started working on the back end. :D Thank you again!

1683127699019.jpeg
 
Don't need no stinking newfangled passkey gimmicks. My password is unhackable, but it does take me a while to enter, and as a bonus it prevents me from angry texting and forces me to install everything from scratch from time to time:


 
If someone breaches Facebook servers, they could access all Facebook data, without needing any individual user’s credentials.
This would be very unlikely and would certainly need to be an inside job. I wouldn’t worry about that. Most data is scraped using bots and those can only get a tiny amount of data generally through getting people to friend them.
 
If your face-id or device passcode gets compromised, yeah, your passkeys may get compromised too. That's not the problem passkeys are trying to solve, though. In your scenario, an attacker will only gain access to your accounts.

Right now, most website servers store hashes of passwords for all their users, and attackers can use different techniques (like rainbow tables) to convert them to actual passwords. This is what passkeys are trying to eliminate.

Your passkey is made up of a private and public key. The private key never leaves your devices, and never gets stored on, say, facebook.com's servers. So even if someone hacks facebook.com's servers and gets billions of users' public keys, they don't have jack **** because you need private keys to authenticate fully.

In simpler words, passkeys don't eliminate threat to your device passwords. They're eliminating large scale data breaches on companies' servers.

That was one of the best explanations I’ve come across 👍🏾
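
The public/private key split described in the post above, as an added example that is not part of the thread: a server that stores only a public key can check a login signature but holds nothing that can produce one. The `PasskeyServer` class, the function names and the `alice` account are hypothetical, and the model is simplified (real WebAuthn signs authenticator data plus a client-data hash rather than the bare challenge).

```javascript
// Added example (not from the thread); uses only Node's built-in crypto module.
const crypto = require('node:crypto');

// Device side: the key pair is created at registration; the private key never leaves.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
const signChallenge = (privateKey, challenge) => crypto.sign(null, challenge, privateKey);

// Server side (hypothetical class): stores one public key per user and nothing secret.
class PasskeyServer {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // fresh random value per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is single use
    if (!challenge || !pem) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

// Constructed scenario: a legitimate login, a replayed signature, and a party that
// holds only the server's stored record (the public key).
function runScenario() {
  const server = new PasskeyServer();
  const device = createPasskey();
  server.register('alice', device.publicKeyPem);

  const firstSig = signChallenge(device.privateKey, server.newChallenge('alice'));
  const legitimate = server.verifyLogin('alice', firstSig);

  server.newChallenge('alice');
  const replayed = server.verifyLogin('alice', firstSig); // old signature, new challenge

  // The stored record verifies signatures but cannot produce one; a key the
  // outsider generates does not match the registered public key.
  const outsider = createPasskey();
  const forged = server.verifyLogin('alice',
    signChallenge(outsider.privateKey, server.newChallenge('alice')));

  return { legitimate, replayed, forged };
}
```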
 
So I have just tried changing my Google account password, and this can be done with nothing more than the iPhone passcode once you have a passkey set up.

This basically means that your device passcode will become the key to many more kingdoms than just your iCloud account.

It's going to be more important than ever to protect your device passcode from prying eyes.
 
Just tried it and it works great! I hope to see the end or near the end of these data breaches at this time a decade from now when all major institutions and services have implemented passkeys!
 
This would be very unlikely and would certainly need to be an inside job. I wouldn’t worry about that. Most data is scraped using bots and those can only get a tiny amount of data generally through getting people to friend them.
It’s unlikely, but possible, that someone would breach their servers.

This is one of the reasons for Apple offering Advanced Data Protection — so that a user’s data is safe even if iCloud servers are compromised.

The method of user authentication wouldn’t prevent access to Facebook data in this situation, but using passkeys would at least protect accounts from other services from being accessed.
 