Reader Questions Passkey Security Against Passwords and 2FA

2 articles · Updated · The Guardian · Jun 7

Martin Avis of Chester asked why passkeys — often unlocked with a phone PIN or facial recognition — are considered safer than strong passwords plus two-factor authentication.
His challenge centers on edge cases: a stolen phone, a guessed device PIN, or losing the device entirely, despite understanding that passkeys are tied to a device and not stored on a company server.
The question reflects guidance from bodies including the UK’s National Cyber Security Centre, which have promoted passkeys as harder to phish and hack than traditional login methods.
The Guardian invited readers to submit answers and related questions for possible publication next Sunday.