r/passkey

▲ 20

How Are Passkeys Safer Than Complex Passwords With 2FA Authenticator?

How are passkeys safer than complex passwords with 2FA Authenticator? Are there any circumstances where the latter may be safer than the former?

With Passkeys, is there a greater risk of losing access to the account?

And how do Passkeys compare, in terms of safety, to using a hardware authentication device (such as a Yubikey)?

u/Technical_Rich_3080 — 5 days ago
▲ 39 (+2 crossposts)

Do you use passkeys?

Hello everyone. I recently remembered about passkeys and the fact that you can store them in Bitwarden. At first, I never used passkeys because I thought they weren’t secure, but it turns out they’re better than passwords.

I’ll be using the following security levels for all my accounts: (the higher the level, the more secure?)

• Yubikey Security Key as 2FA;

• Yubikey + OTP 2FA (Ente Auth), as some services require a backup;

• Only OTP 2FA (Ente Auth);

• Standard 2FA via email or phone number;

• Without 2FA. All my passwords in every account are randomly generated by Bitwarden.

And now I’ve learnt that Passkeys should be used, and that they’re actually better than OTP – they’re hard to enter on phishing sites, also they are very easy to use, some of them you can use as password and 2FA, and you don’t need to open Ente Auth and write an OTP code. And I’m completely confused now. As I understand it, there are two types of passkeys:

Cloud passkeys: these can only be stored in Bitwarden. But sometimes it seems you can also use them on a YubiKey. And here’s another confusion: such passkeys can act as 2FA, or they can completely replace the password and function as 2FA + password. So Yubikey can function as 2fa + password???

Hardware passkeys: Can these only be stored on a YubiKey, like in WebAuthn format? But usually the FIDO2 standard is used??

And every service uses all this differently, with different combinations! I wanted to create folders in Bitwarden for each security combination, but there are too many of them. It’s absurd. What should I do? I’m curious how you all use this? Or is it better to just give up and not use Passkeys at all?

u/Vladyslavrom — 6 days ago

hardware-bound passkeys are better on paper, but consumers still won’t use them

I keep seeing people say hardware-bound passkeys are the “most secure” answer for consumer auth and technically that’s true but no one’s really using them.

the number that surprised me: hardware-bound passkey activation in consumer banking is under 5%. meanwhile synced passkeys are already everywhere.

Main reason seems simple:

  • Apple and Google control the default prompt
  • synced passkeys get shown first
  • FIDO2 security keys or smart cards are usually buried a few clicks deeper

doesn't matter how secure something is if the OS flow keeps hiding it.

wrote a breakdown of this at the Corbado blog: https://www.corbado.com/blog/hardware-bound-passkeys-consumer-race

anyone here think device-bound passkeys can actually break out in consumer apps without Apple/Google changing the default UX?

u/Normal_Tackle_3526 — 10 days ago