Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there any company actually providing anything resembling emergency access for Passkeys? A critical feature of password vaults for me is the ability of my heirs to get access to my passwords when I am incapacitated or dead. I can't print out my passkeys and store them in a safe, nor does there appear to be any system for allowing someone access to my passkeys.

Features like this seem like table-stakes to me:

https://www.lastpass.com/features/emergency-access



> I can't print out my passkeys and store them in a safe, nor does there appear to be any system for allowing someone access to my passkeys.

In essence it's possible - some app that exports the passkey's private key in some standard format as a QR code [per passkey], ready to be re-imported, but such import/export mechanisms haven't been made yet.


At least with 1Password an export contains Passkeys, and Safari team has indicated the same will be available.


In practice, as long as your heirs have access to your email, they should be OK. Password reset flows still work with passkeys.

You also should be able to back up passkeys onto a flash drive and encrypt them with a strong password. I don't think there's a good tooling for this right now, though. On macOS you'll need to go to Keychain Access and manually export the keys.

(I store everything important in an encrypted container, with the 128-bit recovery code printed on paper and stored in a safe deposit box)


> I can't print out my passkeys and store them in a safe, nor does there appear to be any system for allowing someone access to my passkeys.

Recovery is handled differently depending on who you are using to sync your passkeys. Apple has a great recovery story. iCloud Keychain supports both a "recovery key" and "recovery contacts".

See the section titled "Recovery security" in the "About the security of passkeys" doc: https://support.apple.com/en-us/HT213305

Additional relevant docs:

Recovery contact: https://support.apple.com/en-us/HT212513

Recovery key: https://support.apple.com/en-us/HT208072


This looks good, but it's not clear that it would actually work in this scenario. The "Recovery Security" section of the first document is good, but it requires knowledge of some combination of the phone password, an "iCloud security code", possession of the SMS number for the user, etc.

The latter two links are good, but both only refer to recovering access to an iCloud account, they don't talk about further access to escrowed iCloud keychains.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: