Password or Passkey

I keep seeing more things trying to suggest I should set up a passkey, so I don’t have to remember a password or something… uh, can someone please explain to me what the difference is? Don’t I still have to remember the passkey?

The advantage of using a password manager is that each site sees a different password, while you only have to remember one. If I’m a threat actor and CoogFans leaks the usernames, email addresses, and passwords for their users, it would be a great idea for me to try those same login credential combinations on your email host of choice or Facebook or a handful of bank providers or god knows what else because people love reusing passwords. If you’re using a password that was generated by your choice of password managers (note: NOT LastPass) this approach fails.

It’s worth noting that websites leak data all the damn time; you should generally assume that any information stored online will eventually leak.

AI provides a good summary of the advantages. See below. Also suggest you have a scan done on the dark web for email and SSN - just be sure to use a legitimate service :wink:

Passkeys offer enhanced security, making them more resistant to phishing and data breaches than traditional passwords. They are also more convenient, allowing for faster and easier sign-ins that don’t require memorizing complex passwords or using a separate two-factor authentication step. This is because each passkey is a unique, encrypted digital credential stored on a user’s device and linked to a specific website or app.

Security advantages

  • Phishing-resistant: Passkeys are designed to work only on the legitimate website or app they were created for, making it impossible to be tricked by a fake site into revealing your credentials.
  • Unbreakable: They are protected by the device’s lock screen, such as a fingerprint, face scan, or PIN, and can’t be guessed, stolen, or phished like passwords.
  • Data breach protection: Websites don’t store your passkey; they only store a public key. This means even if a server is hacked, the stolen public key cannot be used to access your account because it is mathematically impossible to reverse-engineer the private key needed to log in.
  • Unique to each site: Passkeys are unique to each app or website, so a credential used for one site cannot be used to access another, preventing credential stuffing attacks.

Convenience advantages

  • Faster sign-ins: They can be faster to sign in with compared to typing a password and completing a second authentication factor.
  • No need to memorize: Users don’t have to create or remember complex passwords.
  • Seamless cross-device access: Passkeys can be synced across a user’s devices through cloud services like iCloud Keychain or Google Password Manager, allowing for seamless use across platforms.
  • Simplified recovery: They reduce the need for password resets, which can be a time-consuming process.
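To make the "only a public key is stored" and "unique to each site" points above concrete, here is an added example that is not from this thread or from any passkey vendor: a toy WebAuthn-style registration and login in Go. The site names, the challenge bytes, and the exact way the site ID is mixed into the signed data are constructed assumptions for illustration; real passkeys follow the WebAuthn protocol, which this simplifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Authenticator models the passkey store on the user's device: one private key
// per relying party (site) ID; the private half never leaves the device.
type Authenticator map[string]*ecdsa.PrivateKey

// RelyingParty models a website: all it ever stores is the user's public key.
type RelyingParty struct {
	ID     string
	PubKey *ecdsa.PublicKey
}

// Register makes a fresh key pair bound to rpID and hands the site only the public half.
func (a Authenticator) Register(rpID string) (*RelyingParty, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a[rpID] = priv
	return &RelyingParty{ID: rpID, PubKey: &priv.PublicKey}, nil
}

// signedDigest binds the site ID into what is signed (simplified from WebAuthn's rpIdHash).
func signedDigest(rpID string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(rpID+"|"), challenge...))
	return d[:]
}

// Sign answers a login challenge for the site the browser reports; a look-alike
// domain has no matching key, so a phishing page is given nothing at all.
func (a Authenticator) Sign(rpID string, challenge []byte) ([]byte, bool) {
	priv, ok := a[rpID]
	if !ok {
		return nil, false
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedDigest(rpID, challenge))
	return sig, err == nil
}

// Verify checks a login response using nothing but the stored public key.
func (rp *RelyingParty) Verify(challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(rp.PubKey, signedDigest(rp.ID, challenge), sig)
}
```

A site database dump here contains only `PubKey` values, which verify signatures but cannot produce them, so a leak of one site gives an attacker nothing to try on another.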

As a longtime LastPass user, I’m curious about your statement

I use the Face ID on my phone as a passkey. Very fast and secure. Highly recommend.

They’ve been breached a couple of times and the data in your vault is unencrypted. Switch to basically any other password manager pronto, and reset any passwords you care about when you do.

Thanks!