Hi Albo,
Passkeys, or "passwordless authentication," is a very new technology. At this time, mSecure doesn't support them, but it is something we have on our radar. We hope to have support for Passkeys as soon as they become more widely developed and open source.
One of the open questions for me on Passkeys was how they were going to be replicated across devices. According to a recent Wall Street Journal article, at least one major player, Google, will depend upon Password Managers to provide this capability, including their own password manager. And all the major players: Microsoft, Google, Amazon, Apple, etc. are going to start pushing the use of passkeys. So I look forward to mSecure's inclusion of passkey's in their product.
Things are evolving more and more to just one key (think mSecure account password) to unlocking the whole security kingdom. This is both good and bad news. Good news in that you can now rely on one (preferably long) key to get you into the kingdom. Bad news is that if a bad actor does get in, they'll have access to EVERYTHING. mSecure has an advantage here in that they are a smaller player and therefore are less likely to be targetted by hackers but still...
Makes me want to convert everything to gold and put it in a hole somewhere. Sigh...
Hi Jerome,
Thank you for the post! We have been researching passkeys in general and how we're going to implement them for sometime now. The problem so far is that the technology is so young that implementation details not abundantly available. At this time, most of the 3rd party developers that are investing in passkeys are those that became part of the organization that has been heavily promoting the technology, so it's been larger companies with far more resources.
Another thing, while we have intentions of fully supporting passkeys in the future, there are some things that are still up in the air as to how everything will flesh itself out later. For example, we're not sure how companies are handling what happens when a user loses access to their device, whether it be stolen, broken or some thing else, and they need to get access to an account. Most companies are still requiring an email and password to handle these situations, so the problems that passkeys solve are really not fully solved yet. I'm guessing they will be solved in not too long a time, and thus we and most every other password manager company, will be incorporating support for them, but we still have awhile before the usage of passkeys will be ubiquitous.
Albo P.