[This page last changed 2024.03.05 12:22]
Presentation can include https://blog.1password.com/passkeys-vs-passwords-differences/
Passkey vs Password. What's the difference?
Password: a sequence of alphanumeric and special characters, a shared secret. Longer and more complex is better.
Passkey: Uses public-key cryptography.
Short video, Passwords: use and risk Marx Brothers
Using passwords
- Sign up with a website, eg, buystuff.com
- Buystuff accepts a password you create
- You need to remember this password, using a password manager like KeePassXC or others
- When you log in, you need to send the password to buystuff.com
- Buystuff makes sure you entered the correct password and if so lets you in
Using passkeys
- Sign up with a website that supports passkeys, eg, goodstuff.com
- You are using a password manager that supports passkeys
- Your password manager creates a public and private key that's unique for you
- You give the public key to goodstuff.com
- The private key never leaves your device
- When you want to log into goodstuff.com, the website creates a secret number, encrypts it using your public key, and sends it to you
- Only you can decrypt the message as only you have the private key
- You decrypt the message and send back the secret number or phrase to goodstuff.com
- The website goodstuff.com receives this, compares it to what they encrypted and sent, and if it matches they know it is you, and you're logged in
A lot of this happens behind the scenes.
1. Passkey Example
Let's try a simple public/private key and we'll use addition as an operation and 3-digit numbers to make it easier for this example.
- Pick a public key: 359; private key will be 751.
- Remember, everyone can know the public key but only you know the private key.
- Suppose message is 246
- Add public key:
  - 2 + 3 = 5
  - 4 + 5 = 9
  - 6 + 9 = 5 (drop the carry)
- Thus the encrypted message is 595, they send this to you
- Anyone monitoring the communication only sees 595 and even though they know your public key, they can't decrypt the 595
- You receive the message 595 and decrypt it using your private key (751), as only you know this
  - 5 + 7 = 2 (drop the carry)
  - 9 + 5 = 4
  - 5 + 1 = 6
- and you have decrypted the message and see 246.
Note this is a simple example. In real life, much larger public and private keys would be used, involving large prime numbers and complex mathematics. See the section below for the 'gory math'.
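The toy arithmetic above, wired into the login exchange described under "Using passkeys", as an added example (not part of the original presentation; the function names are made up for illustration). It also shows why the note about larger keys matters: with digit-wise addition the private key can be computed directly from the public key.

```python
# Added illustration of the page's 3-digit toy scheme (digit-wise addition,
# carries dropped). Function names are assumptions made for this example.
import secrets


def add_digits(a, b):
    """Add two equal-length digit strings column by column, dropping each carry."""
    if len(a) != len(b) or not (a + b).isdecimal():
        raise ValueError("expected two digit strings of equal length")
    return "".join(str((int(x) + int(y)) % 10) for x, y in zip(a, b))


def derive_private(public):
    """Each private digit is (10 - public digit) mod 10, so anyone who holds
    the public key can compute it. That is what makes this scheme a toy."""
    return "".join(str((10 - int(d)) % 10) for d in public)


def login(site_public_key, device_private_key):
    """One login round as the page describes it (site and device in one process)."""
    # Site: create a fresh secret number and encrypt it with the stored public key.
    challenge = "".join(str(secrets.randbelow(10)) for _ in site_public_key)
    encrypted = add_digits(challenge, site_public_key)
    # Device: decrypt with the private key and send the result back.
    answer = add_digits(encrypted, device_private_key)
    # Site: compare the answer with the number it generated.
    return secrets.compare_digest(answer, challenge)


if __name__ == "__main__":
    print("encrypt 246 with 359:", add_digits("246", "359"))
    print("decrypt 595 with 751:", add_digits("595", "751"))
    print("private key derived from public 359:", derive_private("359"))
    print("login with the right key:", login("359", "751"))
    print("login with a wrong key:", login("359", "752"))
```

In a real key pair, deriving the private key from the public key requires solving a hard mathematical problem, which is the property the toy arithmetic cannot provide.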
2. Live Demonstration
2a. Using existing passkey
On smi's Muscat, log into Shopify.com using BitWarden for either shopify1 or shopify2 account and its passkey.
2b. Creating passkey
This is from this Bitwarden demo video
- Set up environment once1)
- Go to Shopify.com
- Create account with password. Save to Bitwarden.
- Verify email so account is active.
- Log into Shopify.com, use Bitwarden.
- Manage account, Security
- Create Passkey
- Save it
- Log out, log in. Select the icon where userID is entered, select Shopify.
- You're logged in.
Password Managers Supporting Passkeys as of 04 March 2024
App | Passkeys | What's for free? |
---|---|---|
Bitwarden | Browser only | Free: 2 users, 2 collections, Unlimited devices & passwords, passkeys, username and password generator. Online vault only. pricing and details Bitwarden and passkeys (search) |
1Password | on Android | Free for 14 days. Individual plan $2.99/mo: 1 user, unlimited devices & passwords Passkey support on Android |
Dashlane | yes, mobile only | Free: 1 device at a time, 25 passwords. Paid=“Premium” $4.99/mo, many devices, no limit on passwords, VPN. plan comparison |
KeePassXC | browser only NR4PT | Vault where you want it. 1 user, unlimited collections, devices, passwords. Password generator. Not sure about passkey details. Note: you save your encrypted 'vault' where you want, eg: your computer, memory stick, cloud storage. |
Apple | requires iOS & iPadOS 16, MacOS 13 or later. | No charge. Details on use |
yes | about and link for setting up |
Info on KeePass and passkeys.
NR4PT: Not ready for prime time (my opinion)