What’s the risk of failure of a Touch ID? I know it’s non-zero because the one on my the hand-me-down iPhone SE3 which I started using a month ago has failed. Would Passkey authentication default in that case to the Passcode for the iPhone or something else?
Yes. you can always use the passcode of the device. That’s what my wife always does - she doesn’t bother with Touchid on her iPad because it rarely ever works.
So I’m not the only one for whom TouchId is flaky. However FaceId on my iPhone 6 is exceptionally reliable.
I thought I had heard that Google Voice will not accept SMS while the device is ex-USA. Maybe I misunderstood; maybe you don’t travel overseas. Comment?
Thanks. That’s what I was trying to formulate, and you expressed it so well.
I do travel outside of the USA frequently so I cannot explain how I “don’t travel overseas”. But I do not access any of the accounts where I rely on a Google Voice phone number for 2FA when I am away from my primary Mac setup. This is for both security and privacy reasons. So I don’t know if GV rejects texts sent to a phone on a non-USA mobile network.
—————
ETA: after some further thought, I recall receiving some non-2FA texts on GV the last time I was outside of the USA. But I don’t know if Google draws (or can draw) any distinctions between 2FA and non-2FA text messages.
I do have some 2FA text message accounts set up for my Google Voice number, and I have received the messages when I am outside the US. They just go to the Google Voice app rather than the Messages app. I actually prefer it because if I lost my phone while outside the US I understand that I wouldn’t be able to activate a Verizon SIM on a new device, and then I wouldn’t be able to receive the messages.
1 Like
I don’t recall the settings I use for GV on my iPhone—I set it up several years ago—but all of my GV texts go to the GV app, not to iOS Messages.
Also, I don’t use GV for phone calls so I don’t have any comments on what it’s like to use GV as a telephone.
1 Like
Pogue left the NYT following the very public fist-fight between him and his wife, in which they allegedly beat each other up. He went to Yahoo, then CBS Sunday Morning, speaking engagements, social media. But the end of his NYT columns was basically the end of his prominence as a tech guru.
3 Likes
Thank you. Not being a tv viewer or Yahoo user I had lost visibility.
His opinions as a tech guy and his dispute/fight with his wife are completely different. I would never consider leaving my wife of 48 years and 52 together…but we have had way more than 1 screaming matches…but hitting a woman would never happen in my world…southerners and most properly raised people just don’t do that…ever.
1 Like
I used 1PW’s watchtower to identify sites where a passkey is available instead of using a password. The most important—security wise—of these, Paypal, will not support a passkey in Firefox. Sure, I could use Paypal from Safari instead, but if I’m using my primary browser, Firefox, and wish to pay with Paypal I would not be able to log-in.
It seems they only support Safari and Chrome, and their forum has many requests for other browsers such as Edge to be supported.
@Will_M
I thought I had heard that Google Voice will not accept SMS while the device is ex-USA.
That used to be true. A while back, it started working (don’t remember just when, but it was pre-covid, for sure). I live and teach abroad for 10 months of the year and haven’t had trouble receiving SMS via GV. You do have to set the configuration up so the messages go where you are expecting to receive them (GV website, SMS on your phone, etc.). I have found that Google isn’t fully set up to forward SMS to all cell providers, so some places (where I live, for example) it isn’t possible to forward to a local phone number, yet. In that case your only option is to receive via the GV app or website, but it still definitely works.
1 Like
The Pogue family fracas was not that simple. I don’t know who threw the first punch; it could have been madam, or it could have been simultaneous. It wasn’t cast as “man beats wife.”
Let’s stop this branch of the discussion. Though we haven’t spoken in ages, David and I wrote a book together long ago, and while his marital issues may have made the news, I’d prefer that we respected his and his ex-wife’s privacy.
9 Likes
the Chrome compatible universe is large. I am currently using 1Pwd wth Arc (I am aware of their new direction, am very disappointed about that decision, and will likely have to find a browser soon - different issue - relevant here is that Arc allows a setting that says don’t share with Chrome).
The PayPal and other passkeys stored on 1Pwd work just fine. The problem is that some of the sites add requirements that 1Pwd cannot meet. Passkeys are still a complicated function with variations in the implementation.
Bob
David Pogue is often the reporter in stories on the TV show CBS Sunday Morning. He covers many technical topics, but I was surprised to learn that he has training in music, composing, and orchestra conducting. That’s why he also does music-related stories on Sunday Morning.
I have avoided Passkeys because I gather it is difficult to recover if you lose all of your devices. I have 3 Apple Devices that back each other up, but they are all in my house most of the time, so what if I have a fire or something? So, for example, suppose I use a Passkey to access 1Password… and I lose all my devices. What then?
Passkeys and passwords by default sync to iCloud (Settings / Apple Account / iCloud, look in Saved to iCloud and make sure that Passwords & Keychain is turned on), so simply purchasing a new device and successfully activating your Apple Account will sync the passwords and passkeys to the new device.
Plus I am sure that you’ll have access to the achilles heel of almost every account with a passkey - there is some sort of account recovery option. That, I think, is not the case in the specific case of 1Password, though.
OK, but suppose my Apple/iCloud account is also protected with a Passkey, and I lose all my devices? I cannot then go to - say - a browser on a new device and sign on.
I have a copy of my 1Password secret key stored in a couple of safe places in case of disaster. And, I believe I will not forget my master password. I practice it often.
I’ve noticed many companies, e.g., Target, Best Buy, are now advocating Passkeys over passwords. I suspect this is because it reduces support issues for those companies. In those cases, if I lose my access the solution is simple: Just create a new account and maybe lose my order history or something.
Even if I lose access to my bank, I imagine it is not that difficult to work with them to create a new account or update my password etc.
But, if I lose access to 1Password, iCloud, or Gmail, that’s a much bigger deal.
But maybe I’m missing something?
I use a password manager which runs on my Mac desktop and iPhone. Increasingly, websites require 2FA and the authenticator app is on my phone. The authenticator app does not have a Mac version and will not open when I run iPhone Mirroring. I understand why more and more services are dependent on the phone as we almost always have them with us. But mobiles are easily lost or stolen and then there’s a problem. For safety I could have a backup iPhone and I am pretty sure my password manager will sync from that even though it will have a different phone number. But the authenticator app is device dependent, as far as I can tell, and most sites will not permit you to set up 2FA on more than one device. If a site has the option to authenticate by other means then you are OK but not all do.
It worries me that one can become dependent on a specific physical device which is easily lost or stolen. If passkeys will work on a substitute phone than I will be much more ready to switch.
Update: on checking the authenticator app (Microsoft) has a recovery procedure but there is no guarantee that each recovered account will work without re-authentication. This is not something I’m prepared to test!