What Are Passkeys? The Next Evolution in Backup Security

ByW. Curtis Preston February 17, 2025February 16, 2025

If you’re still protecting your backup system with just usernames and passwords, you’re practically begging for trouble. Bad actors know exactly what they’re doing – they target backup systems first, and a simple password won’t stop them. Let’s talk about what passkeys are and why they represent a massive upgrade in security.

This blog post summarizes the main points of my latest podcast episode. If you’d like, you can listen to it or watch it at https://www.backupwrapup.com/

What Are Passkeys

Here’s the deal: passkeys fall under the FIDO (Fast Identity Online) framework, and they’re changing the game. Unlike traditional passwords that can be phished or stolen, passkeys use public key encryption and biometric verification. The real kicker? There hasn’t been a single successful attack against a FIDO-compliant system.

What Are Passkeys Replacing?

Let’s break down the evolution of authentication:

Basic passwords (worst)
Multi-factor authentication (better)
- Email verification (least secure)
- SMS verification (vulnerable to SIM swapping)
- One-time password generators (most secure MFA option)
Passkeys (best)

What Are Passkeys’ Implementation Options?

You’ve got several ways to implement passkeys:

Phone-based systems using secure enclaves
Hardware keys like YubiKey (always buy two!)
Platform implementations from Apple, Google, and Microsoft

The best part? Hardware options like YubiKey are surprisingly affordable – their top model runs about $55. That’s a small price to pay for protecting your last line of defense.

What Are Passkeys’ Advantages?

The biggest advantage is security, hands down. But there’s more:

No passwords to remember
Can’t be phished
Uses biometric verification you already have
Works across multiple platforms
More convenient than traditional MFA

Here’s my straightforward advice: if your backup system doesn’t require either MFA or passkeys to log in, fix that immediately. And start pushing your backup vendors to support passkey authentication. Don’t wait until after you’ve been hit with ransomware to upgrade your security.

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data

Mr. Backup Blog

The CryptoLocker Virus: How One Attack Launched the Modern Ransomware Era
ByW. Curtis Preston February 16, 2026February 15, 2026

FacebookX The cryptolocker virus is one of the most significant pieces of ransomware ever created — not because the code was brilliant, but because it became the blueprint that every ransomware gang since has built on. If you want to understand why ransomware looks the way it does today, you need to understand CryptoLocker. This…

Read More The CryptoLocker Virus: How One Attack Launched the Modern Ransomware Era
Mr. Backup Blog

GDPR: How should we keep a record of deleted data?
ByW. Curtis Preston May 17, 2018March 22, 2022

FacebookX I’m still just thinking out loud here. Again… not an attorney. I have read the GDPR and done some analysis of it, primarily around the right to be forgotten (RTBF) and how it pertains to data protection systems. I just want to start the conversation about some of these topics and see what people…

Read More GDPR: How should we keep a record of deleted data?
Mr. Backup Blog

Lessons from Carbonite Lawsuit: Why Backup Vendor Due Diligence is Crucial
ByW. Curtis Preston April 1, 2024April 1, 2024

FacebookX In the world of cloud backup, entrusting your valuable data to a third-party provider requires a great deal of faith and due diligence. However, the story of Carbonite, a once prominent cloud backup provider, serves as a stark reminder of the risks involved when that trust is misplaced. (This blog post summarizes the main…

Read More Lessons from Carbonite Lawsuit: Why Backup Vendor Due Diligence is Crucial
Mr. Backup Blog

TruthinIT.com needs an inside sales rep
ByW. Curtis Preston January 13, 2010

FacebookX If you know a good inside/telephone sales representative, then you should have them look at this job posting: http://www.truthinit.com/blogs/truth-in-it-blog/8-internal-sales-position.html Written by W. Curtis Preston (@wcpreston), four-time O’Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data

Read More TruthinIT.com needs an inside sales rep
Mr. Backup Blog

What is a Tabletop Exercise? A Comprehensive Guide
ByW. Curtis Preston September 9, 2024September 5, 2024

FacebookX In the ever-evolving landscape of cybersecurity, organizations must constantly adapt and prepare for potential threats. One of the most effective tools in an IT team’s arsenal is the tabletop exercise. But what is a tabletop exercise, and why is it so crucial for your organization’s cyber resilience? (This blog post summarizes the main points…

Read More What is a Tabletop Exercise? A Comprehensive Guide
Mr. Backup Blog

World Backup Day: Why Data Protection Is More Critical Than Ever
ByW. Curtis Preston May 19, 2025May 18, 2025

FacebookX World Backup Day happens every March 31st – the day before April Fool’s Day. Why? Because if you don’t back up your data, you’re a fool! As someone who’s spent decades in the backup and recovery space, I can tell you that the consequences of inadequate backup strategies are no laughing matter. This blog…

Read More World Backup Day: Why Data Protection Is More Critical Than Ever

What Are Passkeys

What Are Passkeys Replacing?

What Are Passkeys’ Advantages?

Related Posts

Similar Posts