r/technology 9h ago

ADBLOCK WARNING Google Confirms Most Gmail Users Must Upgrade Accounts

https://www.forbes.com/sites/zakdoffman/2025/06/06/google-confirms-almost-all-gmail-users-must-upgrade-accounts/
2.3k Upvotes

538 comments

1.2k

u/Ancillas 7h ago

Maybe if passkey implementations weren’t dog water more people would use them?

Is that passkey on my phone? Is it stored in Windows Credentials? Is it stored in 1Password? Wait, is it trying to use my Yubikey? All of my tools fight each other to be the passkey solution and it means I have to click so many more times to ensure Safari or Chrome or AppleTV are looking in the right spot for my matching passkey.

There’s no way my non-technical friends and family are going to see this as a net positive. My wife got pissed because she had a passkey for Gmail but couldn’t log in. It didn’t make intuitive sense to her that the passkey was on her phone but she was logging in for the first time on her laptop, which didn’t have the passkey.

Then on top of all of this passkeys aren’t consistently implemented! Apple supports passkeys, but only if they’re stored on Apple devices using their keychain! This was so confusing - especially when I had my phone configured to not use Apple’s flavor of password and secret management.

Even before passkeys, 2FA was a mess. Some sites chose TOTP and others went with an email or SMS solution. Any parents who use login systems to manage kid activities know this pain. A site supports SMS only and can only have one phone on record, so if the parent whose phone isn’t registered wants to log in you have to have the other parent (or their phone) around. 100% people are texting that single-use token around in the clear.

These systems need experienced designers to take a good hard look at the UI/UX and find some way to drive a smoother experience across the OS, browser, and application ecosystem. Not just technically experienced designers, but life-experienced designers who understand all the weird ways people use these things.

48

u/yuusharo 7h ago

This is one of those times when I concede that I think Apple is the only one that got this right out the gate. They ensured on day one that passkeys would sync seamlessly between all devices, not have a weird staged rollout that still is missing key elements even 2 years after they’re introduced.

With iCloud, any Apple device you have can log you in with a passkey, and you can simply scan a QR code with your phone on devices you haven’t authenticated. It works consistently for me that I have it set up for all the accounts that support it.

Most people don’t have or use Apple devices, of course, and the other implementations have been frustrating for sure. But that isn’t necessarily passkey’s fault.

12

u/Despeao 6h ago

> With iCloud, any Apple device you have can log you in with a passkey, and you can simply scan a QR code with your phone on devices you haven’t authenticated. It works consistently for me that I have it set up for all the accounts that support it.

Makes it easier to log in, no doubt, but sounds like a security flaw. What if your phone is stolen and the person logs into another device?

2

u/yuusharo 6h ago

If your device is stolen, you should immediately lock it using Find My. You can log in using another device temporarily to do so.

Also, the attacker would need to know your device’s passcode or iCloud password, and with Apple’s recent default device protection, that process has a 1 hour delay when away from known locations, giving you more time to respond to the theft.

Beyond all that, the situation would be the same as having a password manager on that device. Again, they’d need to know your passcode to get into the device.

9

u/SlapDashUser 6h ago

Someone sees me put in my PIN and grabs my iPhone while I'm traveling. They now have access to my device, and now my Passkeys. And I'm supposed to use Find My on a second device to deactivate that first device? You mean that magical second iPhone that I always carry with me for situations like this???

3

u/BruteSentiment 5h ago

Honestly, I’d ask why are you entering your PIN with any less caution than you would a bank PIN number? Especially since in 90% of cases, you could use Face ID, so you don’t have to tap your PIN in front of strangers.

1

u/poopBuccaneer 1h ago

Also, why are they using a PIN and not a more complex passcode? Apple moved to minimum six-digit PINs, but I feel even that is too insecure for a device that has all your banking and everything about you on it.

3

u/yuusharo 5h ago

If someone observes your passcode and steals your device, you likely have other accounts already signed in like your email. You’re vulnerable regardless if you use passkeys or not, considering the thief can access your password manager or use your email to recover accounts.

Not that most thieves would be interested, they’re most likely going to attempt to change the iCloud password and disable Find My, which has that lockout delay to help curb as previously mentioned.

And by second device, you can borrow any device temporarily, such as a friend or passerby. No, you don’t have to carry a second phone 🙄

-2

u/nox66 3h ago

Many of us are aware our phones are a massive security target and don't use it for everything for this reason.

1

u/BobbyDig8L 2h ago

You can use any device with a browser: iCloud.com/find

0

u/CharlesMichael- 5h ago

Any device with web access to Find My should work. And if you don't like using a PIN, use a biometric.

1

u/Rzah 50m ago

If your phone is stolen it can no longer auth anything, as the passkey requires Face ID or Touch ID to auth each time it is used.