9TO5MAC.COM
Passkeys were supposed to be secure and simple; here's how they fail
I've been arguing that passwords are horrible for the best part of a decade now, and was an enthusiastic early adopter of the far better approach of passkeys.

Passkeys were supposed to achieve the holy grail: an approach which is both more secure than passwords and so easy to use that everyone would adopt them. But a new piece outlines four problems with the technology.

Passkeys are more secure than passwords

Passwords have a number of security issues:

- Websites may know them, even if they are supposedly encrypted
- Non-techies tend to re-use passwords, so data breaches are hugely problematic
- Passwords are vulnerable to phishing attacks

Passkeys solve all of this. Instead of being challenged for our username and password when we log in, we are invited to use a passkey. With this system, the website or app asks our device to authenticate us, using Face ID or Touch ID. The device tells the website who we are, and that it has confirmed our identity.

The web server trusts your device to authenticate you in exactly the same way that payment terminals trust your iPhone or Apple Watch for Apple Pay transactions: because it knows you have been authenticated locally using biometrics.

In theory, passkeys are way simpler

When we create an account, we should be offered the option of using a passkey, and all we have to do is agree. Our device authenticates us, and the service creates our account. To log in next time, we just use Face ID or Touch ID and we're in.

But there are four big problems

If you use only Apple devices, and use Safari as your web browser on all of them, then passkeys get close to being that simple.
iCloud synchronization means that an account created on one Apple device will be accessible on all your others.

But as Ars Technica points out, there are a lot of situations where the reality is rather different from the promise, starting with inconsistent user experiences:

"The experience of logging into PayPal with a passkey on Windows will be different from logging into the same site on iOS or even logging into it with Edge on Android. And forget about trying to use a passkey to log into PayPal on Firefox. The payment site doesn't support that browser on any OS."

Worse, passkeys are tied to specific browsers:

"Another example is when I create a passkey for my LinkedIn account on Firefox. Because I use a wide assortment of browsers on platforms, I have chosen to sync the passkey using my 1Password password manager. In theory, that choice allows me to automatically use this passkey anywhere I have access to my 1Password account, something that isn't possible otherwise. But it's not as simple as all that. When I look at the passkey in LinkedIn settings, it shows as being created for Firefox on Mac OS X 10, even though it works on all the browsers and OSes I'm using."

A third issue is that companies like Google and Apple may come close to forcing you to use their own passkey management systems, even when you have a different preference, and sometimes when you already have a passkey set up:

"I just want to open LinkedIn using the passkey that's being synced by 1Password to all my devices. Somehow, the mysterious entity responsible for this message (it's Google in this case) has hijacked the process in an attempt to convince me to use its platform.

Also, consider the experience on WebAuthn.io, a site that demonstrates how the standard works under different scenarios. When a user wants to enroll a physical security key to log in on macOS, they receive a dialog that steers them toward using a passkey instead and to sync it through iCloud."

Finally, there's the fact that while the whole point of passkeys is to ditch the security holes created by passwords, almost every service forces you to create a password login too:

"Of the hundreds of sites supporting passkeys, there isn't one I know of that allows users to ditch their password completely. The password is still mandatory […] Threat actors will devise hacks and social engineering attacks that exploit this shortcoming. Then we're right back where we were before."

The full piece is well worth reading.