Passkeys: The End of Password Hell with a Catch


Passkeys promise to end password frustration by using biometrics and device-based authentication, but they also hand control to tech giants. This article explores the risks of platform lock-in and what the EU Inc proposal means for a more open future.

For years, we’ve been stuck in password hell. You know the drill: create a complex mix of letters, numbers, and symbols, then forget it five minutes later. Reset it, get locked out, and repeat the cycle. It’s exhausting.

But now, a new solution is emerging—passkeys. They promise to kill passwords for good. And honestly, that sounds like a dream. But here’s the thing: every silver lining has a cloud. Passkeys might make logging in easier, but they also hand over control to big tech platforms. That’s a trade-off we need to talk about.

### What Are Passkeys, Really?

Passkeys are a type of passwordless authentication. Instead of typing a password, you use your device’s built-in security—like a fingerprint, face scan, or PIN. Think of it like unlocking your phone. You don’t type a password every time; you just look at it or tap your finger. Passkeys work the same way but for websites and apps. They’re stored on your device, not on a server. This makes them harder for hackers to steal because there’s no central database to breach.

But here’s where it gets tricky. Passkeys are often tied to a platform, like Apple’s iCloud Keychain or Google’s Password Manager. That means if you’re locked out of your Apple or Google account, you could lose access to all your passkeys. Suddenly, the convenience feels a bit fragile.

### The Hidden Risk: Platform Lock-In

When you use passkeys, you’re essentially trusting a single company with your digital identity. If that company decides to change its policies, or if you get banned from their ecosystem, you could be locked out of everything. It’s like putting all your keys in one digital drawer. If the drawer breaks, you’re stuck outside your house.

This isn’t just a theoretical problem. We’ve seen how platform lock-in works. Remember when Facebook changed its API and broke countless third-party apps? Or when Google shut down services like Google Reader? The same could happen with passkeys. You might wake up one day and find that your passkeys no longer work because the platform changed its rules.

- **Recovery is a nightmare**: If you lose your phone or get a new one, recovering your passkeys can be a hassle. Some platforms make it easy, but others don’t. And if you’ve used passkeys for critical accounts like banking or email, a recovery failure could be catastrophic.
- **Access is not guaranteed**: Passkeys are tied to your device. If your device is stolen or damaged, you might not be able to access your accounts until you prove your identity to the platform. That’s a big deal if you’re traveling or in a hurry.
- **Digital identity lock-in**: Over time, you might become so dependent on a single platform’s passkey system that switching to a different platform feels impossible. That’s not freedom; that’s a new kind of prison.

### The EU Inc Proposal: A Step Toward Change?

Enter the EU Inc proposal. This is a European initiative aimed at creating a more open and competitive digital market. It’s not directly about passkeys, but it addresses the same core issue: platform control. The proposal encourages interoperability—meaning different platforms should work together. For passkeys, that could mean a universal standard that isn’t owned by any single company.

Imagine a world where your passkeys work across all devices and platforms, regardless of who made them. You could switch from an iPhone to an Android phone without losing access to your accounts. That’s the dream. But it’s not reality yet. The EU Inc proposal is a step in that direction, but it’s still being debated. And even if it passes, it could take years to implement.

### What Can You Do Right Now?

While we wait for a more open future, you can take steps to protect yourself. First, don’t put all your passkeys in one basket. Use a password manager that supports passkeys and works across multiple platforms. Second, enable two-factor authentication (2FA) on your accounts. That adds an extra layer of security. Third, keep a backup of your recovery codes. Write them down and store them in a safe place.

> "The future of authentication is passwordless, but it’s also platformless. We need standards, not silos." — A cybersecurity expert

Finally, stay informed. Follow news about the EU Inc proposal and other efforts to promote digital openness. The more people demand interoperability, the more likely companies are to listen.

### The Bottom Line

Passkeys are a huge improvement over passwords. They’re more secure, more convenient, and less frustrating. But they come with a catch: they shift control from you to tech platforms. That’s a trade-off you need to understand. The EU Inc proposal offers a glimmer of hope for a more open future, but for now, you have to be smart about how you use passkeys. Don’t let convenience blind you to the risks.
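
An added example, not part of the original article: a simplified model of the passkey login described under "What Are Passkeys, Really?", showing that the site keeps only a public key while the signing key stays on the device. It is not the real WebAuthn message format, and `createPasskey`, `signAssertion`, `Site` and the `shop.example` origin are hypothetical names.

```javascript
// Added illustration: simplified passkey-style challenge-response (hypothetical names).
const crypto = require('crypto');

// Device side: the key pair is generated on the device; only the public half is shared.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side: after the local fingerprint/face/PIN check, sign the site's
// fresh challenge together with the site's origin.
function signAssertion(privateKey, origin, challenge) {
  const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Server side: the account record holds a public key, nothing a thief can log in with.
class Site {
  constructor(origin) { this.origin = origin; this.accounts = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.accounts.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // every challenge is single-use
    const publicKeyPem = this.accounts.get(user);
    if (!expected || !publicKeyPem) return false;
    let data;
    try { data = JSON.parse(clientData.toString()); } catch (e) { return false; }
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify('sha256', clientData, publicKeyPem, signature);
  }
}

function demo() {
  const device = createPasskey();
  const site = new Site('https://shop.example'); // constructed sample origin
  site.register('alice', device.publicKeyPem);
  const attempt = (key, origin) =>
    site.verify('alice', signAssertion(key, origin, site.newChallenge('alice')));
  const first = signAssertion(device.privateKey, site.origin, site.newChallenge('alice'));
  const login = site.verify('alice', first);
  site.newChallenge('alice');
  const replay = site.verify('alice', first); // old assertion against a new challenge
  const wrongOrigin = attempt(device.privateKey, 'https://other.example');
  const noKey = attempt(createPasskey().privateKey, site.origin); // stored public key alone is useless
  return { login, replay, wrongOrigin, noKey };
}
```

Only `login` succeeds: a copy of the site's account table, a replayed response, or a signature made for another origin all fail verification.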