Not all VPNs are fraud. Purchasing a good VPN plan should be done after a lot of research. Because the most popular or cheaper could be the worst one.

Yep... It's as secure as your email. Or they are just leveraging the passkeys on the emails.

Yeah but app dns requests and background services are sometimes not TLS. When using VPN all traffic is encrypted. Thus safer.

True... Using Tor is a big pain.

Today we use lots of accounts with unique passwords. Obviously these passwords have to be stored somewhere. So I disagree with you when you say it's a unique passkey thing.

Passkey has an advantage when it comes to phishing because it doesn't totally rely on human intelligence or state of mind.

From a personal experience my data was leaked online, not because of phishing or I was careless. but it was leaked from a well known third party site which I used. They were affected by a very serious breach. Many unlike me use the same passwords for their emails and stuffs. But in case of passkeys there isn't a shared secret. A breach will be useless.

But the third parties actually have no access to your passkeys. The passkey stored are end to end encrypted blobs. So even if anyone gets hold of it, its useless. But a password for instance when leaked from 3rd party can be used easily as the server will have to decrypt the password at one point. So the means to decrypt the password will be at the server but passkeys aren't like that. The private passkey can be decrypted only on your device for signing the challenge. Basically your exposure was basically halved.

I think Google accounts are made usually for single user and thus passkeys. But may be you can try going to the share Google accounts security and there's an option skip password when possible. Disable it... May be it might work. I'm not sure tough.

Thanks

Thank you... and Yes you are right... There could be many reasons like greed or could be risk management if you think from both ends of spectrum. It's sad actually they are developed on the same FIDO2 but insists on being seperate which is weird.... Also they feel that regular user wouldn't be able to set up FOSS passkey provider or may be they lose control over encryption if they share with third party.

VPN also hides unencrypted DNS and non-browser traffic which are sometimes not TLS.

Yes you are right. You should run DNS leak tests.

Browser fingerprinting is very effective in tracking users. VPNs are totally useless against it. Tor offers partial protection as they make all users look same. So if your looking for anonymity better use Tor. VPNs keep your data safe and browsing private.

Yes VPNs are necessary. At least when using a public network.

You just need to memorise the PIN at max. If your device has biometric recognition you could even use your face scan or fingerprint so even remembering a PIN is not needed in that case.

Even if you are really careful, your details can always be leaked from a company server during a breach. If the companies adopt passkeys, that issue isn't there. Because there isn't a password anyone can randomly use. That's why I feel big tech companies are moving towards it.