The Google for Education Community Platform

Because most of our users (eventually all of our users) will be behind our SSO platform, I imagine having Passkeys will not be used or applicable.

My personal experience also has not been that well done, primarily because I don't use Google Passwords nor Apples Keychain/iCloud/Password Manager either. I use Bitwarden exclusively, which will eventually be able to use Passkeys for itself.  My personal situation is probably on the smaller percentile of people, but still worth noting.

I have turned this on for about 8 people in my IT department so we can experiment with it.  I feel this is the first baby step towards passwordless logins and I welcome it.  Will we turn it on for everyone?  I'd like to think so, but we'll see if there is any actual benefit to it.  

It's difficult to say how well it will be utilized since logging in to Google is just one of may various accounts we utilize.  Having a unified SSO solution would be great but for us, so far at least, it has been elusive.

I will watch this thread with interest. I haven't tested it out yet, but I will do over the summer when I have a bit more time to break stuff.

One thing I don't like is one password on the yubikey and that's it,  So if someone gets that your into all their passkey accounts (you know how may people lose Key or leave them at their desks) 

And If Google goes all passkeys I can see a problem that normal users trade in their phone or it gets damaged , and now they cant get into their account.  (As they add Android phone as a passkey automatically)  

I am planning on test-driving passkeys for my IT accounts and possibly with a small select few that I know have a solid tech foundation. 

I'm interested in Passkeys, but right now as far as I can tell on iOS the only support is through Apple's own integration which forcibly shares Passkeys over iCloud keychain. If I have a passkey I want it tied only to the devices I choose, not shared across all of them.

I support the idea of passkeys, but in my district, I'm concerned about the Union and the use of personal devices for work related tasks.

I see adoption being thin, at least for quite some time!

Also, I use a different platform for MFA than Google, but I am listening closely on how they plan on exporting/importing passkeys from one provider to another.

I thought with passkeys especially on your personal google accounts you would also have to have a key of some kind  in the event your phone breaks or gets stolen. I know you can remove passkeys if it is syncing with icloud  or google, etc.  And for those that don't trust the sync, what do you do now? Wouldn't you just be better off using a key?  If we don't use passwords for a long time I can see people forgetting their passwords to log in and so that may create it's own issues.   What would we do with people that refuse to use their personal phones for work?  Would we force them down to security keys?   Are we trying to pass the cost on to the users with their phones? I think we are a ways out from passkeys being anywhere close to being a standard.  Many sites still don't allow for passkeys so we are back to passwords if they don't accept google sign in.  Many banks are still behind the time when you look at what they use, like sms. 

I am happy for all you that think that passkeys will make us more secure but I also think security keys are just as secure. The only difference is remembering password and that's only for new devices.  We all know that we can sign out of past devices if you look under security right.  Surely we do this in our facebook account as well..etc. Let's not forget we can also use Smartlock to use our devices for sign in as well.   Have we thought how students will use this technology if they have no phone?   I wish Google with personal account would allow you to change your security just for one type instead of listing sms etc. Just my thoughts 

I believe @Kim_Nilsson had said that Yubikeys could be used as a passkey.  Correct me if I'm wrong!

I think things will go that direction, but I do think we will have to come up with another plan (like Yubikeys) for the fraction of staff that refuse.

One thing we know for sure in education is that almost every student account does not use 2fa.  Before you can use passkeys on a apple device you have to have 2fa enabled. Apple will direct you to do that.  I know the standard is 2fa, but lots of old apple accounts and if you want there is a way to actually set up no 2fa on your apple account.  Until this use becomes more standard such as a Chromebook using a camera or finger print reader ( not a special order to do this or a high price tag) being the default to creation of example even a  google account, this will be cumbersome no matter how you look at it. For now a couple of keys is likely the best approach. Also until google decides that using your phone number is no longer acceptable to recover  a public account  your account will always be vunerable.  I agree passkeys will be the way, it is just not there yet and still has a long way before it is.  Finger print, eyescan facial recognition and maybe a drop of your blood for dna...LOL Just my thoughts You can also bet using windows or macs and maybe even a chrome device in the future someone will think of something to get around passkeys. Just because we are not there yet doesn't mean it won't happen. How many zero days alert/bugs are found? It all comes down to Code Verses Code.

I agree Kim about the complexity of 2fa for students, but that is not the point I was trying to make. Passkeys is the new shiny which requires a phone or specialize hardware. 

This is an interesting video with Steve Gibson- https://www.youtube.com/watch?v=do1ZnKBOSP8