Google’s web based Home implementation evidently now requires passkeys. Passkeys are yet another hurdle to prevent hackers from gaining entry to your stuff and involve a second factor of authentication, in this case my Pixel 8 Pro and a thumb print.

Something happened when I attempted to use my phone as a passkey and that is it failed. Failed hard claiming it was not near the computer I was using, and I had to repeat the steps and pay attention.

The passkey request on your phone is that something has requested access, you have no options but to tap the box and then it asks for your thumbprint or other unlock – at no point on the passkey screen I was presented was there an option of “hell no, this isn’t me.”

I attempted to recreate the steps because, well, I wanted either a screenshot or a picture of what was happening but my computer that I am posting this on now has an inability to send a passkey request using Edge (Chrome has its 24 hours token so that’s not happening again.)

The inability to trigger a request for a passkey unlock concerning enough, but there being no clearly labeled what is requesting this is more. As a note there is a site name listed (google.com) I managed to force using a QR code to passkey unlock as it would never actually do anything.

There’s just a standard looking fingerprint unlock with small text saying something wants to identify me. No method visible to not validate and move on.

Pretty sure this lack of text to let people know their account is going to be accessed somewhere else is going to come back and bite someone on the butt.

“What? oh ignore that just unlock your phone and tell me what you see…” $15,000 later…

Would really love to see a more verbose implementation that includes “you’re unlocking your account to a different device, do you really want to do this?” message – or something similar.

Are passkeys really any good? by Paul E King first appeared on Pocketables.