Microsoft is changing how you log in to your accounts

&quot;Passkeys, on the other hand, can’t be stolen or forgotten. They’re strings of letters and numbers that are unique to your account, stored on your device or in a safe cloud environment. You don’t need to memorize them — they’ll automatically unlock your accounts when you go to log in.&quot;<p>What prevents passkeys from being stolen or copied?<p>Can you export or backup your passkeys? Can you arbitrarily expire a passkey and re-key where it was being used?<p>If you cannot, then they are not <i>your</i> passkeys--they belong to Apple, Google, Microsoft, etc. and they have locked you into their ecosystem.<p>If you don&#x27;t control your passkeys, what stops those who control &quot;your&quot; passkeys from using them without your permission?

&quot;can’t be stolen or forgotten. They’re strings of letters and numbers that are unique to your account, stored on your device or in a safe cloud environment&quot;<p>Can&#x27;t be stolen, but are stored on a device that could be stolen? How do I then authenticate myself, if they&#x27;re stored on my phone then they&#x27;re only as secure as the authentication mechanism I use on my device. What if I need to access my Apple account because I lost my device if I&#x27;ve lost my device that the key is stored on that I can&#x27;t remember?<p>Stored in a safe cloud environment, geez where have I heard that before.<p>If I don&#x27;t know what they are and where they are then how can I control them? How do I authenticate myself to my account without having something on myself that&#x27;s either remembered or something I have that could be stolen<p>If this isn&#x27;t something I can really control or recover myself from, then I am worried about the idea of asking Microsoft for help if I am locked out<p>If we come back to basic principles of an authentication mechanism that is something you have, something you are and something you know. Where does this fit into?

<a href="https:&#x2F;&#x2F;archive.ph&#x2F;IMnv4" rel="nofollow">https:&#x2F;&#x2F;archive.ph&#x2F;IMnv4</a>

Given how much paranoid the IT department on my company is nowadays, I wonder how long it will take for them to force passkeys.

Article title is clickbait.<p>All MS is doing is adding another option.