Passkeys are the next big thing in internet security. In essence, they're a great concept: Instead of having to remember passwords or use a password manager, your device will authenticate cryptographically with services, using biometrics or your device password for authentication.

This basically eliminates all (user-facing) problems with passwords, as you no longer need to remember them, write them down, or use an extra application to manage them, but it does come with one flaw that I cannot look over: Most people are going to be giving these passkeys to Google.

Google is likely going to be the #1 provider together with Apple for managing said passkeys. This is because of the fact that they're intended to be stored somewhere safe once they've been created, and for ease of use Google and most likely Apple will take it upon themselves to store these for you. Whilst this is a huge plus for synchronization and not having to back everything up, it raises concerns regarding trust: If you give Google - which already knows lots about you - your Passkeys, and thus access to all your accounts, is that really the right thing to do? After all, many people are already concerned about the data that Google has on it's users and how it gets used, so giving them the literal keys to the entire rest to your online life seems like a risky move.

I suspect that just like many other recent additions to "Android", Google will advertise this as a new Android feature once it gets rolled out big time, when in reality it's tied to Google Play Services / GMS. Just like Nearby Share and many accessibility features in the past have been provided by GMS and not Android itself, as advertised. This will make it harder for anyone using Android trying to de-google or become more independent to move away from Google's services; It will require everyone that doesn't use Google Play Services to get a seperate password manager which supports Passkeys (e.g Proton Pass) and keep it secure, as well as not loosing it at any cost.

This isn't the biggest issue in the world, but I believe this is something that needs to be considered and that I am not hearing enough people talk about.

---

Thanks for reading! I wish you a good rest of the day, evening, night, or whatever other time you're reading this!