I really don't want to carry around a key fob to log in like my wife had to do when she worked at NASA.
But I see biometric DNA-based cryptographic security is the future ....
I asked Claude to research current info on this topic based on my own knowledge, and it confirms that passkeys are currently the best option. Note that when this thread was created four years ago, passkeys were much less supported; however, more and more sites are currently supporting passkeys. For myself, I use 1Password, and it supports passkeys.
SMS 2FA is seriously compromised.
The Security Rankings:
- Passkeys with biometrics (best) - Uses your fingerprint/face to unlock cryptographic keys stored on your device
- Authenticator apps (good) - TOTP codes generated locally, immune to SIM swapping
- SMS codes (weak) - Vulnerable to SIM swapping, SS7 exploits, and interception
SMS is officially deprecated: The FBI and CISA warned against SMS 2FA in December 2024 after the "Salt Typhoon" attack showed how easily SMS messages can be intercepted. NIST has discouraged it since 2016.
YubiKey vs Phone Passkeys: Your skepticism about hardware keys for personal use is justified. Phone-based passkeys combine biometric authentication (your fingerprint/face) with cryptographic security, giving you nearly the same protection without the cost ($25-80 per YubiKey) or risk of losing a separate device. Your biometric data never leaves your phone, and passkeys sync securely across your devices.
When YubiKeys make sense:
- Enterprise environments (99.9% reduction in phishing attacks)
- Absolute highest-value accounts (if you're particularly paranoid)
- Regulatory compliance requirements
For most people: Use passkeys with biometric authentication on your existing devices. They're free, always with you, combine something you have (your phone) with something you are (your biometrics), and offer excellent security. Only consider hardware keys for your single most critical account if you want that extra layer.
Banks still using SMS are dangerously behind. Push them to support authenticator apps or passkeys.
I asked Claude to review existing passkey applications, and it replied with this info. If you aren't currently using passkeys, I encourage you to investigate and start to use them now.
Here are the major consumer-friendly passkey managers available in 2025:
Built-in (Free) Options:
- Apple iCloud Keychain - Built into iPhone, iPad, Mac. Syncs across all Apple devices automatically
- Google Password Manager - Built into Android and Chrome. Syncs across Android, Chrome browsers on all platforms
- Microsoft Password Manager - Built into Edge browser and Windows. Rolling out passkey sync across Windows devices
Third-Party Password Managers (Paid):
- 1Password - What you're using. Full passkey support across all platforms
- Bitwarden - Open-source option with passkey support. Free tier available, premium is very affordable
- NordPass - Strong passkey support with user-friendly interface
- Dashlane - Includes passkeys plus VPN and dark web monitoring
- Keeper - Enterprise-grade with robust passkey management
- Proton Pass - Privacy-focused (Swiss-based), good passkey support
My Recommendations:
For most people, the built-in options are excellent and free:
- If you're in the Apple ecosystem → iCloud Keychain
- If you use Android/Chrome → Google Password Manager
- If you use Edge/Windows → Microsoft Password Manager
These sync automatically, have biometric protection built-in, and work seamlessly with no extra cost.
Why stick with 1Password?
- Cross-platform flexibility (not locked to one ecosystem)
- Better organization and sharing features
- More robust family/team sharing
- Additional security features like travel mode
- Better for people who switch between Apple/Android/Windows
Since you already have 1Password, you're in great shape. The built-in options are catching up fast, but 1Password still offers more flexibility if you use multiple ecosystems or need advanced features.
Now we just need to get @TUGBrian to add passkey support!