I would use this in addition to those. Instead of having to buy two Yubikeys I can buy one and use a software solution as well.
Since I already use a phone capable of doing the same thing, let my phone be my main authenticator, and then I can use a Yubikey as a backup.
It's not like one is necessarily better than the other, except that you already carry a phone and they're capable of being a hardware device that works with Webauthn. No need to carry a second device or, pay for one, for that matter. Since at least with Apple's solution it'll sync over iCloud Keychain.
If you're happy with Yubikey's, nothing changes. But for the average person, this makes Webauthn an option without having to buy any hardware or carry something you are more likely to lose because you don't understand the intricate details of how the thing works. I wouldn't expect my parents to understand how a Yubikey works well enough to know it should be used as a pair, for backup purposes, but that is a barrier to entry for them that they don't need to worry about now.
"To address the common case of device loss or upgrade, a key feature enabled by passkeys is that the same private key can exist on multiple devices. This happens through platform-provided synchronization and backup."
Thus, unlike a FIDO2 key, you don't have to visit every online service to tell it about the new redundant keys you add.
The rest of the security article linked by madjam002 goes into detail how Google implements their version of that backup. It's a bit like Keybase in the sense that your other devices act as keys to unlock the backup for new devices.
Passkey will be supported, with no new user behavior, by ~a billion devices currently in use. It is better because a billion+ devices already have support for this.
This is public-key-crypto-based authentication for the average user who will almost certainly never buy a security key but who probably owns a device that offers secure identity verification (laptop, phone).
Yubikeys are great but they're super niche. Among Android users alone there might be a billion people who will never buy one.
At the very minimum, one undeniable technical advantage Passkeys have -- that they share with their foundation, WebAuthn -- is that Passkeys are unphishable.
Don't all fido2 yubikeys support webauthn? They have the advantage that they can't be cloned/sync/etc. Might be an inconvenience for some but for me that's an advantage.
selykg|3 years ago
Since I already use a phone capable of doing the same thing, let my phone be my main authenticator, and then I can use a Yubikey as a backup.
It's not like one is necessarily better than the other, except that you already carry a phone and they're capable of being a hardware device that works with Webauthn. No need to carry a second device or, pay for one, for that matter. Since at least with Apple's solution it'll sync over iCloud Keychain.
If you're happy with Yubikey's, nothing changes. But for the average person, this makes Webauthn an option without having to buy any hardware or carry something you are more likely to lose because you don't understand the intricate details of how the thing works. I wouldn't expect my parents to understand how a Yubikey works well enough to know it should be used as a pair, for backup purposes, but that is a barrier to entry for them that they don't need to worry about now.
LibertyBeta|3 years ago
Once passkey support comes to bitwarden I'll be a little more comfortable I think.
sowbug|3 years ago
Thus, unlike a FIDO2 key, you don't have to visit every online service to tell it about the new redundant keys you add.
The rest of the security article linked by madjam002 goes into detail how Google implements their version of that backup. It's a bit like Keybase in the sense that your other devices act as keys to unlock the backup for new devices.
runako|3 years ago
mpalmer|3 years ago
Yubikeys are great but they're super niche. Among Android users alone there might be a billion people who will never buy one.
aseipp|3 years ago
postalrat|3 years ago
potatoz2|3 years ago
eli|3 years ago
jrm4|3 years ago