problems – Gen's Blog – Genevra Rose's Technology Research and Code Blog

In the tech world’s constant chase to make us more secure, “passkeys” have been hailed as the next big leap in digital security. Backed by Apple, Google, and Microsoft, passkeys promise a safer, simpler login system; based on biometrics and device-based authentication instead of traditional passwords.

Too Complicated for the People Who Need It Most

The average internet user already struggles with basic digital hygiene and not using their dog’s name in lowercase as every password. Now imagine layering on terms like “public key cryptography,” “device credentials,” and “synchronized secure tokens.” The non-technical majority finds it alienating. Passkeys demand understanding of device trust, cross-platform syncing, and recovery procedures, none of which are obvious or intuitive without working in tech.

No Smartphone?

Don’t have a smartphone or choose not to carry one? You’re gonna have to use a physical security key. An extra device to purchase, set up, and now carry everywhere. That’s more friction, not less. We’ve gone from “remember a password” to ‘don’t forget your dongle.’ It may have more usage in enterprise environments, but it’s hardly a user-friendly evolution for the masses.

You Now Depend on a Single Physical Device

Tying your login identity to your phone seems seamless, up until that phone gets lost, stolen, broken, or the battery dies. In that moment, your entire digital life can be locked behind a wall you can’t get through. Unlike a memorized password, which travels with you mentally, passkeys depend on you having physical access to your device and the means to unlock it. One mistake, and you’re shut out.

Lost Your Passkey? Fallback Will Be… a Password!

Lose access to your passkey device and you’re right back where you started: typing in a password. Whether it’s account recovery, device reset, or switching phones, nearly every major platform still uses passwords as the ultimate fallback. We’re hiding them. And when the system fails, you’re dropped back into the same supposedly vulnerable situation you were escaping.

Passkeys Only Work If Everyone Supports Them

Passkeys only function in ecosystems that support them, and right now that list is small. Until every website, every app, and every device platform is aligned on one standard, the average user is left juggling a mess of authentication methods: some with passkeys, some with passwords, some with both. It’s inconsistent, messy, and exactly the kind of fragmentation humans hate managing.

Security Is a Sliding Scale

People often claim that passkeys are both more secure and easier to use. But this is a contradiction. In reality, security and convenience live on opposite ends of a sliding scale. The more secure a system is, the more effort it demands. The more seamless and “invisible” you make authentication, the more assumptions you make, and the more holes you open up in the system.

Skip password prompts? Great for convenience. But it means your phone or physical device assumes you’re you. And if someone else gains access, they become you. The illusion of security increases, but the actual control decreases.

Physical Theft Is Easier Than Mental Theft

Passwords live in your head. Passkeys live on your devices. Devices that can be stolen or broken far more easily than your memory. You’ve traded something internal and persistent for something external and fragile. Passkeys aren’t immune to theft; they shift the threat model from phishing to physical possession (passkeys can be phished too, and in weird, opaque ways that are even harder to detect). That’s not inherently safer, just different. No one is getting a password out of me, but someone can very easily take my physical keys out of my hand.

Passkeys don’t eliminate passwords, they obscure them behind another layer of complexity. They don’t simplify security, they shift the difficulty to recovery and device management. They certainly don’t give you maximum security and maximum ease at the same time. This envisioned passwordless future is more fragile, more confusing, and more dependent on devices than ever before.

It helps me if you share this post

Published 2025-06-25 08:00:00

Back to rose.dev

Gen's Blog

Tag: problems

PassKey Problems