
You don't lose access to an account because someone knows your name. You lose access because they reused something you were told to keep secret. For years, the internet has worked on copying secrets and then acting surprised when copies escape.
This episode breaks down passwordless authentication and passkeys, explaining why the shift away from typed passwords isn't innovation hype but an industry admission that shared secrets have become a liability. It covers what passkeys actually are (cryptographic keys that never leave your device), why they're considered phishing-resistant (your device checks where it's talking, not just what you typed), and the real tradeoffs including device dependency and the critical importance of account recovery paths. The episode walks through the security benefits of removing reuse, phishing, and credential stuffing from the equation, then closes with a six-step starter kit covering core account protection, passkey adoption, strong MFA for non-passkey sites, recovery lockdown, password manager use, and device loss planning.
Whether you've seen "create a passkey" on a login screen and weren't sure what to do, or you're evaluating passwordless options for your organization, Plaintext with Rich explains the shift.
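The origin check and "keys never leave your device" points above, sketched as an added example that is not from the episode: a simplified Node.js model of a passkey sign-in, showing a genuine login, a replayed response, and a look-alike page relaying a real challenge. The class names, sample origins and JSON message layout are assumptions for illustration; real WebAuthn uses a different wire format and matches sites by RP ID rather than bare hostname.

```javascript
// Added illustration: a simplified model of passkey sign-in, not the WebAuthn wire format.
const nodeCrypto = require('node:crypto');

// The device keeps one private key per site; only public keys ever leave it.
class Authenticator {
  #keys = new Map(); // site hostname -> private key
  register(hostname) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(hostname, privateKey);
    return publicKey;
  }
  // `origin` comes from the browser (the page actually open), never from the user.
  sign(origin, challenge) {
    const key = this.#keys.get(new URL(origin).hostname);
    if (!key) return null; // no passkey for this site, so nothing to give a look-alike
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), key) };
  }
}

// The site stores a public key and issues a fresh, single-use challenge per sign-in.
class Site {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = null; }
  newChallenge() { return (this.pending = nodeCrypto.randomBytes(32).toString('hex')); }
  verify(assertion) {
    const expected = this.pending;
    this.pending = null;
    if (!assertion || !expected) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin || challenge !== expected) return false;
    return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData), this.publicKey, assertion.signature);
  }
}

function demo() {
  const device = new Authenticator();
  const site = new Site('https://accounts.example'); // constructed sample origin
  site.publicKey = device.register('accounts.example');
  const first = device.sign(site.origin, site.newChallenge());
  const genuine = site.verify(first);
  site.newChallenge();
  const replayed = site.verify(first); // an old response does not match the new challenge
  // A look-alike page relays a real challenge, but the browser reports the look-alike's origin.
  const lookalike = 'https://accounts-example.test'; // constructed sample origin
  const noKey = device.sign(lookalike, site.newChallenge()); // null: no passkey for that site
  device.register('accounts-example.test'); // even if the user had made one there...
  const relayed = site.verify(device.sign(lookalike, site.newChallenge())); // ...origin mismatch
  return { genuine, replayed, noKey, relayed };
}
```

Nothing the site stores (a public key) or the network carries (a one-time signature over the origin and challenge) can be reused to sign in elsewhere, which is what takes reuse, phishing and credential stuffing out of the picture.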