Podcast Summary: Hands-On Windows 176

"A Practical Guide to Secure, Passwordless Logins"

Host: Paul Thurrott
Release Date: February 12, 2026
Podcast: All TWiT.tv Shows (Audio)

Overview

In this episode of Hands-On Windows, host Paul Thurrott dives deep into the practicalities of secure, passwordless logins, specifically focusing on using passkeys on Windows 11. He details his own workflow, recommends best practices, and provides hands-on demonstrations—all with his signature approachable, straight-talking style. The aim is to demystify passkeys, compare first-party versus third-party solutions, and offer advice for listeners ready to streamline and secure their digital lives.

Key Discussion Points & Insights

1. Passkey Integration in Windows 11

• Recent improvements:

  • Windows 11 recent versions (23H2/24H2/25H2) have built in passkey support.
  • 25H2 introduces Microsoft Password Manager integration in Edge and some third-party manager support.
  • Most functionality still requires either Microsoft Edge (for native support) or a compatible third-party password manager app.

• Paul’s take:

  • Paul prefers third-party password managers over built-in ones for more features and flexibility.
  • He interchanges “password manager” and “passkey manager” since good managers now handle both types of credentials.
  • “I feel really strongly that you should use a third party password manager which can be used for managing passkeys as well.” (Paul, 01:33)

2. Recommended Tools & Features

• Why third-party managers?

  • “They're natively portable… offer more features than the built in…” (Paul, 01:50)
  • You gain enhanced portability across devices/platforms (iOS, Android, Windows, Mac, Linux, Chromebooks).

• Paul’s Choice:

  • Proton Pass is his password/passkey manager of choice.
  • Other good options: 1Password, Bitwarden, Dashlane.

• Device advice:

  • Install your password manager and authenticator app on every device you regularly use.
  • Security is reinforced by device biometrics (fingerprint, face ID, etc.), or PIN as fallback.
  • “It's one of those things that once you start doing it, it becomes just second nature.” (Paul, 03:08)

3. Setup and Daily Experience

• Autofill setup:

  • On phones: go to settings/autofill, select your manager. Don’t enable multiple providers at once.
  • On desktops: install browser extension(s) for your manager in every browser you use.

• Disable browser autofill:

  • Critical to turn off native autofill in browsers (“you don't want those two things fighting each other”), leaving management to your chosen app.
  • “Just make sure… the browser is not also trying to autofill passwords…” (Paul, 09:17)

• Flexibility in use:

  • Desktop apps for managers are optional — browser extensions suffice for most use cases.
  • For “offline” app sign-ins, you can always copy/paste from your manager.

4. Seamless Logins, Passkey Demos, and Security

• Effortless login:

  • Describes logins to Google, Best Buy, GitHub, etc.:
    • No username or password entry needed—just select the account prompt.
    • “It's automatic. It's really nice.” (Paul, 10:14)
    • “I didn't type anything, I didn't type a password, but I also didn't even type the email address.” (Paul, 12:26)

• Security layers:

  • Most secure setups also prompt for Windows Hello (face, fingerprint) when accessing manager or creating passkeys. Paul disables this, but recommends most people leave it ON for extra security.
  • Paul's compromise: his computer locks automatically when he steps away.

• Mobile/QR alternate flows:

  • For some use cases/sites, a QR “handoff” from desktop to phone is possible—but Paul emphasizes most users will get by with browser-based extensions alone.

5. Passkeys vs. Other Authentication Methods

• Hierarchy of approaches:
  • Passkeys are superior to traditional password + 2FA approaches for convenience and security.
    • “Passkey is the go to. That's the first one. The first one, if you have a passkey, use that every time. If you don't… look at other forms of two FA or mfa.” (Paul, 13:46)
  • Authenticator apps fill gaps where passkeys aren’t supported.
  • Paul promises a future episode on authenticator apps.

6. The Future of Passwordless Security

• Passkeys are not yet universal, but are a giant leap forward.
• The biggest challenge is simply knowing where you can use them and making a habit of doing so.
• “I know it feels complex and people still kind of freak out about passkeys, but I think passkeys are going to… if not solve the problems with online account security, it's certainly a giant step forward.” (Paul, 13:16)

Notable Quotes & Memorable Moments

| Timestamp | Speaker | Quote | |-----------|---------|-------------------------------------------------------------------------------------------------| | 01:33 | Paul | “I feel really strongly that you should use a third party password manager which can be used for managing passkeys as well.” | | 03:08 | Paul | “It's one of those things that once you start doing it, it becomes just second nature. It's very, it's very. It's simple. It's pretty obvious.” | | 09:17 | Paul | “Just make sure… the browser is not also trying to autofill passwords… you don't want those two things fighting each other.” | | 10:14 | Paul | “It's automatic. It's really nice.” | | 12:26 | Paul | “I didn't type anything, I didn't type a password, but I also didn't even type the email address.” | | 13:16 | Paul | “I know it feels complex and people still kind of freak out about passkeys, but I think passkeys are going to… if not solve the problems with online account security, it's certainly a giant step forward.” | | 13:46 | Paul | “Passkey is the go to. That's the first one. The first one, if you have a passkey, use that every time. If you don't… look at other forms of two FA or mfa.” |

Key Timestamps for Important Segments

• 00:22 — Episode start, Paul introduces the week’s theme: managing passkeys in Windows 11 using third-party managers.
• 01:30 – 04:00 — Why Paul recommends third-party passkey/password managers, his current setup (Proton Pass), value of portability and advanced features.
• 04:34 — [Ad break removed]
• 08:09 – 13:00 — Hands-on demonstration: how to use passkeys via browser extensions, disabling built-in autofill, real-world logins, managing browser/app workflow.
• 13:00 – 14:30 — Where passkeys fit in the authentication landscape (vs 2FA/MFA); using passkeys as first choice, with authenticator apps as backup.
• 14:30 – 15:10 — Episode wrap-up: Teasing future episode (authenticator apps), invitation to join Club TWiT.

Practical Takeaways

• Use a trusted third-party password/passkey manager (Paul recommends Proton Pass, but many are good).
• Set up autofill and password management on all devices you use. Only use one autofill provider per device/browser.
• Disable browser-native autofill to avoid conflicts with your password manager.
• Browser extensions for your manager suffice for most workflows—desktop app is optional.
• Passkeys make secure login effortless and more convenient—aim to use them wherever possible for the best mix of speed and security.
• Keep your manager protected via your device’s biometric or PIN security; use automatic locking to minimize risk when away from your PC.
• Understand that passkeys are the gold standard for passwordless login, but authenticator apps remain a necessary backup for some accounts.

Final Thoughts

Paul delivers a pragmatic and highly actionable guide to embracing passkeys on Windows, emphasizing ease of use, practical setup, and layered security. With concrete recommendations and live demonstrations, this episode is a must-listen (or read!) for anyone looking to upgrade their account safety without a lot of hassle.

Next episode preview:
Paul will cover authenticator apps and how they fit into a comprehensive, secure login strategy.