October 28, 2025
8s vs 69s: nice or nope?
Passkeys: They're not perfect but they're getting better
Password-free hype meets “what if I lose my phone?” panic
TLDR: Britain’s cyber agency says passkeys are safer and faster than passwords but not ready for full rollout. Comments erupted: fans cheer real-world progress across devices, skeptics fear losing a phone or locking everything behind one vault, and some call the whole idea a nonstarter — stakes are your online life.
Passkeys are supposed to finally kill passwords, and the UK’s NCSC says 2025 is the year they grow up. They’re faster (Microsoft clocks 8 seconds vs 69 for password + code), phishing-proof, and unique to each site. Yet even the NCSC isn’t ready to rubber‑stamp mass adoption. Why? Too many flavors: device‑locked keys, synced keys, dongles — and websites don’t agree which to support. The result: confusing “it works here, not there” logins and anxious what‑ifs when you lose a phone.
The comments went full soap opera. oldestofsports asks if we’re just hiding “all my passkeys in a vault” behind one password — cue eye‑rolls and applause. varbhat shows the glow‑up: Bitwarden passkeys now sync from Samsung Android to Linux Firefox, stuff that “wasn’t even possible at the start of this year.” Then comes the dread: nabla9 likens device loss to losing your fingerprints, and JohnFen drops the hammer — some issues make passkeys a nonstarter. lknuth wonders if a Yubikey could unlock local apps like a vault. Meanwhile, the 69‑second stat sparked “nice” jokes, and one wag called passwords “boomer tech.” The vibe: half the crowd chanting “passwordless now,” the rest clutching their phones and backups, waiting for the industry — and NCSC — to get the messy bits right.
Key Points
- •NCSC views passkeys as the future of authentication but has not yet recommended mass adoption across all services.
- •Passwords are vulnerable to phishing, weak practices, and reuse; MFA helps but is not universally enabled or equally strong.
- •Passkeys are securely generated, non-phishable, and unique per site, improving security and usability.
- •Microsoft reports faster sign-ins with passkeys (8 seconds) versus password plus second factor (69 seconds).
- •Adoption hurdles include inconsistent support across different passkey types (device-bound, physical tokens, synced), complicating website implementation and user experience.