Exciting things are coming - our community is moving to a new home!
Whilst we make this move, the community is now in READ-ONLY mode today and there maybe some downtime (we will try to keep this to a minimum). Learn more here.

Blog Post

Community blog
1 MIN READ

The Secure Element Podcast - Episode #6 Passkeys

Bigdogburr's avatar
Bigdogburr
Google Team
5 months ago

Hey Friends,

Episode 6 of The Secure Element is live, and this month, we’re diving into Passkeys.

I sat down with Harsh Lal, Senior Software Engineer for Android Authentication at Google, and co-chair for the FIDO Alliance Financial Group, to explore what this next evolution of authentication means for both personal and enterprise security.

We dive into:

  • The password problem: Why complexity rules and password reuse create “keys to the kingdom” for attackers.
  • Hardware-backed security: How passkeys live in your device’s Secure Element, making them virtually impossible to fish or extract.
  • Enterprise readiness: Integrating passkeys with SSO providers and how to manage them.
  • Hybrid flows: Using your phone to securely unlock apps on your work laptop via encrypted proximity tunnels.

Listen to the episode here: 


Deep Dive
To learn more check out Harsh’s blog series which tracks the evolution of FIDO experiences on Android, and explores how passkeys work across devices via Hybrid transport to make passwordless authentication available everywhere.

Drop your questions in the comments - we’d love to hear how your organisation is approaching a passwordless future!

Stay secure,

Burr

 

Missed an episode? Catch up here:

Updated 5 months ago
Version 3.0
security
smb

4 Comments

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    4 months ago

    Thanks Bigdogburr​ for a very interesting podcast - it's great to kickoff a conversation on passkeys and authentication. I feel like this is an area it would be great to speak more on. 

     

    I want to do a shout out to Rakib​ for creating a topic late last year on passkeys. Your post and comments were really thoughtful and so we wanted to provide a bit more information on passkeys here in the community - so thank you.  This podcast is very much a starting discussion, and would love to hear more from you and the rest of the community on authentication, so please do share any questions you have below. 

     

    Once again, thought you might be interested in this next episode - it would be great to hear what you think and if this is an area of interest Moombas​, Michel​, Alex_Muc​, jarmo_akkanen​, davidguill​, Mikey123456​, DenisBrentel​, xirlamaister​, italianAlexEng​, naren_malepati​, Etienne​, BenMcc​, mattdermody​, Yann_ROLAND​, Magcho​, jeremy​, Kris​, Vin2K​, jasonbayton​, NazD​, SF​, weberda​, Flo​, Kristen​, MelkonTorosyan​, turquet​, Marcel_K_XDMT​

     

    Lizzie

  • jasonbayton's avatar
    jasonbayton
    Level 4.1: Jelly Bean
    4 months ago

    Thank you Mike! Insightful as ever. I've been enjoying moving many things to passkeys and hadn't given much of this a lot of thought.

  • Michel's avatar
    Michel
    Level 4.0: Ice Cream Sandwich
    4 months ago

    Another interesting one, thanks Bigdogburr​

    I have to admit that I don't really use them, but thats mostly because I don't know enough about them. I really should get started with it and this video helped with a bit more background information. 

     

    People around me, enterprises and individuals, don't use them either. It's not that common yet, at least not here, I think. 

  • Alex_Muc's avatar
    Alex_Muc
    Level 3.0: Honeycomb
    4 months ago

    Passkeys are pretty cool. The only problem is that for many people, they are not as easy to grasp and understand like a normal password. In addition, there are quite a few bigger platforms that do not yet support passkeys. This page can be useful for getting an overview:
    https://passkeys.directory/

     

    From 18:37 onwards, the video is about cross-device/hybrid flows. My first attempt with such a QR code failed immediately with a big eCommerce website an a work laptop (VPN connection to a corporate network, Proxy configured in the browser). 😅 I'm not sure if the proxy is the cause of the problem. In any case, the experience on a device without VPN/proxy was very good with the hybrid flow. 🙂