By Zak Doffman
Publication Date: 2026-05-11 05:53:00
Passkeys may not stop hackers.
getty
Passkeys are supposed to replace passwords and stop phishing attacks. But Google and Microsoft warn that passkeys alone are not enough if weaker recovery methods remain attached to accounts. “Each account is only as secure as its weakest credential,” Microsoft says, warning that passwords and SMS recovery options can become a new attack surface even after passkeys are deployed.
“Passkeys are an easier and safer way to access online accounts compared to passwords,” Google says, “and even traditional multi-factor methods.” But passkeys are not 100% safe on their own. In a new warning to its account holders, Google says “even when you normally use a passkey, it’s important to secure your account with two-step verification (2SV).” You need this in case “someone tries to impersonate you and claims to have lost your passkey.”
If there is an automated…
