Are most of you deleting your old passwords when upgrading accounts to passkeys? Why or why not? Looking for input here, thanks.
Are you asking about removing passwords that are stored in your Bitwarden vault, or disabling username/password login for the service you are accessing? If the password is still on file as a valid authentication method for logging in to the service, then I would recommend keeping a record of that password in your Bitwarden vault.
1 Like
Currently I’ve been leaving the UN/PWs set up in both Bitwarden and the target accounts, primarily as backups. But then I’m negating one of the main benefits of passkeys by leaving that info in the target systems databases, correct?
If you have a passkey-access-only account, then your passkey’s private key can’t be breached except from your end; breaching the service’s database potentially can get everything else but they can’t use those to log into your account. With your password as a backup, your password can be potentially breached and might be used to log into your account, except that for the current sites implementing passkeys, it is most likely in a hash that can’t be cracked if your random password is moderately long.
So, mainly, you definitively get the benefits of not getting phished, and not sending your password to anyone by accident.
Having a password as a backup may be the reality for a while for most sites implementing passkeys. Using long random passwords might potentially sweep this problem under the rug for a while, too.
1 Like