Comments by "Perhaps" (@NoEgg4u) on "Passwords vs. Passkeys - FIDO Bites Back!" video.
-
@2:10 "...and they all synchronize, up to a cloud (someone else's computer)".
Isn't it taboo to let anyone else have your private key?
@8:35 "...they may be able to crack those, and come out, with what is the actual password, if given enough time".
If your password manager creates a 15+ character, cryptic password, then the amount of time would be half of forever. And with a password manager, you can use a 20+ character, cryptic password.
You would have a better chance of winning the lottery, three times in a row, before being able to crack a 20 character password, such as this:
ayba]{(<[%+H JS616@A
And, the attacker would need to know which hashing algorithm was used, and would also need to know if multiple iterations of hashes were used, and if salt or pepper was used to further complicate generating the hash.
If you lose your computer, it is somewhat simple to change a user's password, making it somewhat simple for whoever has your computer to log in to your computer. Now that they are logged in as you, your passkeys are at their disposal. And if you ever bring your computer in for a repair, they can clone your drive, plug in the cloned drive to their own computer, log in as you, and they have your passkeys.
With a good password manager, as long as you use a strong master password, and you also have the password manager create virtually unbreakable passwords, then you should be fine. And some password managers will not paste in your password if the site is a fake. A user might not detect a similar (but different) URL. But a password manager will detect it as a different site. Passkeys do not do that.
Lastly, password managers allow you to easily make copies of your encrypted password database. You can store those copies anywhere, even on your arch nemesis's computer.
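As an added example, not part of the comment or the video: the keyspace arithmetic behind the 20-character claim above, using the quoted password as constructed sample input, plus the salted, iterated hashing the comment mentions (PBKDF2-HMAC-SHA256 is assumed as the KDF; the guess rate of 1e12/s and 600,000 iterations are assumed figures, not from the page).

```python
import hashlib
import math
import os
import string

# The 20-character password quoted in the comment (constructed sample input).
SAMPLE_PASSWORD = "ayba]{(<[%+H JS616@A"

# Character classes a brute-force attacker must cover, assuming the generator
# draws uniformly from lowercase, uppercase, digits, symbols and space.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def charset_size(password):
    """Size of the union of the classes that the password actually uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def entropy_bits(password):
    """Keyspace in bits for a uniformly random password of this shape."""
    return len(password) * math.log2(charset_size(password))


def expected_crack_years(password, guesses_per_second, kdf_iterations=1):
    """Average search time: half the keyspace, each guess costing
    kdf_iterations hash evaluations (iterations scale the attacker's cost)."""
    keyspace = charset_size(password) ** len(password)
    seconds = (keyspace / 2) * kdf_iterations / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def hash_password(password, salt, iterations=600_000):
    """Salted, iterated hash (assumed KDF: PBKDF2-HMAC-SHA256), hex digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def salt_defeats_precomputation(password):
    """Same password under two random salts gives unrelated digests, so a
    table precomputed for one hash says nothing about another user's."""
    return hash_password(password, os.urandom(16), 1000) != hash_password(password, os.urandom(16), 1000)


if __name__ == "__main__":
    print(f"charset={charset_size(SAMPLE_PASSWORD)} bits={entropy_bits(SAMPLE_PASSWORD):.1f}")
    print(f"years at 1e12 guesses/s, plain hash: {expected_crack_years(SAMPLE_PASSWORD, 1e12):.3g}")
    print(f"years at 1e12 guesses/s, 600k iterations: {expected_crack_years(SAMPLE_PASSWORD, 1e12, 600_000):.3g}")
    print("distinct digests under different salts:", salt_defeats_precomputation(SAMPLE_PASSWORD))
```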