Welcome to The Full Nerd newsletter—your weekly dose of hardware talk from the enthusiasts at PCWorld. Missed the burning topics on our YouTube show or fresh news from across the web? You’re in the right place.
Want this newsletter to come directly to your inbox? Sign up on our website!
It turns out a lot of people don’t understand passkeys.
I learned this after last week’s show, when people on our Discord server began chatting about our recap of best practices for online security.
Our group brought up plenty of technical points, being the awesome nerds they are. But as the conversation unfolded, misconceptions cropped up about passkeys and how they work. That surprised me—as did learning more than one of my colleagues doesn’t quite get them, either.
I ended up following up on the topic this week, in one of my longest-ever responses during a Q&A segment. I spent a lot of time preparing the breakdown, which covers a very simple overview of asymmetrical public-private encryption keys (aka public-key encryption), then dives into nuances of what passkeys do and don’t protect against.
This deeper look got me thinking. Typically, more tech knowledge simplifies problems. You can figure out solutions faster and more efficiently. The familiarity helps you know which details to prioritize and which to disregard.
This instance is a rare occurrence of the opposite—where familiarity breeds a demand for perfection.
One common criticism of passkeys is their inability to mitigate all security weaknesses. For example: Passkeys don’t protect against session hijacking. Another is the perceived lack of universal use. “Passkeys lock you into a single ecosystem” can be found in multiple comments in Discord, Reddit, and forum discussions.
I find these arguments specious, to be honest. Session hijacking is outside the realm of authentication. And the restrictions around passkey portability are part of the original design, balanced by the ability to generate multiple passkeys for a single account.
I get where they come from, though. People with technical knowledge have lived in a world with passwords for so long—and they know the ins and outs of the security weaknesses—that it’s hard to think outside that space. We’re all tired of the constant breaches, password rotations, and time spent minimizing damage to our daily lives. A perfect solution would be really nice.
YubiKey
But let’s not miss the forest for the trees. Many people do not use secure passwords. Fewer still use two-factor authentication. And yet even a slimmer portion bother with third-party password managers. Why? Good password security takes effort. Two-factor authentication adds an extra layer to the complexity.
Passkeys eliminate much of that mental overhead. They require no memorization, hook into the ecosystems most users are already committed to, and lean on understandable systems (e.g., using a fingerprint to approve passkey use). And users won’t need to cycle their credentials whenever a breach happens.
Can passkey implementation be improved? Absolutely. Do you need to change your system of password + 2FA if you already have an established system you trust? Not at all. Should that stop the recommendation of passkeys by the tech savvy to others, particularly everyday users? Hard no.
I believe that when we look at tech, we need to be evaluating products, services, and standards on how well they achieve their intended function—not just how well they execute it. Sometimes, making this call will require us to see the world in ways completely opposite from our viewpoint.
In this episode of The Full Nerd
In this episode of The Full Nerd, Alaina Yee, Brad Chacos, Will Smith, and Michael Crider chat about the possible reason behind Windows 11’s recent SSD issues, tech products that disappoint us (and why), and more. I also slipped in that, uh, thorough overview of passkeys during the Q&A segment.
We also learned that Will just “doesn’t like to feel.” (Is this the natural result of earning more life experience?) Despite the lack of positivity on feelings, he spread delight when telling us about a Twitch streamer who plays games on unexpected makeshift controllers. Pomegranates.
Willis Lai / Foundry
Missed our live show? Subscribe now to The Full Nerd Network YouTube channel, and activate notifications. We also answer viewer questions in real-time!
Don’t miss out on our NEW shows, too—you can catch episodes of Dual Boot Diaries and The Full Nerd: Extra Edition now!
And if you need more hardware talk during the rest of the week, come join our Discord community—it’s full of cool, laid-back nerds.
This week’s scintillating nerd news
Here’s how I know I had holiday brain last week: I forgot to mention Will & Adam’s livestream of building in Teenage Engineering’s nifty transparent plastic case! Good thing I realized my error, because this week’s boatload of news almost flooded it right out of my brain.
By the way, I’m really crossing my fingers on the first-gen Lenovo Go dropping in price this fall. Please please please.
- Wide handheld is wide: My PCWorld colleague Mike Crider nails the standout feature for this custom handheld gaming PC. I can see why he wants one.
- I still have clickwheel iPods. Hmmmm: Digital preservationists are performing such important work. It’s not just about nostalgia—having tangible, interactive evidence of what came before keeps our history so much alive.
- I love this Pinball coding goof: Technically, developer Dave Plummer didn’t make a true mistake, since we never can predict what changes will make our projects suddenly act wonky. But this Windows NT-era game accidentally running for a time at 5,000 fps on multicore processors is pretty great.
- How much can we trust encrypted messaging? If this accusation against Meta about WhatsApp’s security is true, the answer appears to be ‘not as much as we believe.’ (Remember folks, never share things in writing if you want to be sure they can’t come back to haunt you.)
Lenovo
- I’ve wanted the Legion Go 2 for ages: OK, I didn’t want the actual Legion Go 2, which only just got announced. But I have waited with fortitude for a successor to the affordable 8-inch Windows 8 tablets of yore. And while I’d love an OLED screen and 32GB of DDR5 RAM, what I’m truly eager for is the first-gen Go dropping below $500 on Black Friday. (Fingers crossed.)
- Passkeys could’ve possibly stopped this disastrous phish: Malicious JavaScript code popped up in a set of trusted packages with more than two billion downloads per week—and it happened because the maintainer of the code had his credentials (including 2FA code) successfully phished. A security key could have helped stop the attack—but so too a passkey, were it an option.
- Just $5 for this incredible thrift store find: In this week’s installment of, “We love thrift stores,” someone found a RTX 3060 12GB card for just $5. And it works. (Redditor satviktyagi’s comment in this thread is perfection, by the by.)
Catch you all next week—I’ll be eagerly awaiting the arrival of my Lemokey X0 gaming keypad upgrades. PC gamers need to work their marketing campaign, for real. I would have switched ages ago if the slogan had been “Bend games to your will.” Though I guess “Console players suck” does redirect attention from needing customized gear to land headshots.
~Alaina
This newsletter is dedicated to the memory of Gordon Mah Ung, founder and host of The Full Nerd, and executive editor of hardware at PCWorld.
