Over the last decade, cybersecurity experts set the stage for a passwordless future. However, it wasn’t until now that the world finally got a reliable passwordless solution in the form of a passkey. Described by Kathleen Moriarty, the chief technology officer at the Center for Internet Security, as “an example of what security should be,” passkeys might permanently replace passwords.
Leading companies like Apple, Google, and Microsoft have already begun replacing passwords on their platforms with the help of the FIDO Alliance and the World Wide Web Consortium. Safe to say, passwords might soon be outdated. So, what is a passkey, and how do you use one? In this post, I discuss that, along with what passkeys have to offer.
What is a passkey?
According to Moriarty, passkeys are more secure and phishing resistant than a password manager or a two-step authentication process. Standardization allows users to sign in to apps and websites in a single step. By definition, a passkey is a FIDO credential linked to the user’s account, website, or application. It is based on public key cryptography. Plus, passkeys eliminate the need to enter a username, password, or any additional authentication detail.
Currently, the process for a user to use passkeys requires signing in. The browser or operating system then helps select the passkey. Although it’s quite different from a password, the experience of setting up a passkey is similar to that of saving passwords. To log in to accounts and use the passkey, the app, account, or website will prompt the user to unlock their cellular device. That’s all. The passkey is also saved in a cloud backup, allowing you to sync to your new device in case you lose your old one. Users can only view their passkeys on their online account once they unlock their phone.
Passwords versus passkeys
As per the current Microsoft Digital Defense Report, there has been a 74% rise in password attacks. To combat this, passkeys are designed to offer concrete protection against hackers and cyber security attacks. The server makes the encryption different every time, making each passkey unique. Furthermore, each passkey has a public key, which is the one on the application, and a private key, which is the one on the user’s device.
To hack a passkey, the hacker will have to access both keys, thus making it completely immune to security breaches. Passkeys are also phishing-resistant, unlike passwords. One con, however, when it comes to passkeys is a dependency on the device. If you lose the secondary device, you will have to reset the passkey. If that sounds inconvenient, experts suggest keeping a backup device.
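The key split and phishing resistance described above can be seen in a simplified model of a passkey sign-in. This is an added example, not code from the FIDO Alliance or any vendor, and it does not reproduce the real WebAuthn message format; the `RelyingParty` class, the function names and the `shop.example` origins are assumptions made for illustration.

```javascript
// Added example: simplified model of a passkey sign-in (not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

// Device side: the key pair is generated on the device; the private key stays there.
function createPasskey() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// The browser, not the web page, records which origin asked for the signature.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side (hypothetical class): stores only the public key.
class RelyingParty {
  constructor(origin, publicKey) {
    this.origin = origin;
    this.publicKey = publicKey;
    this.pending = new Set(); // challenges issued but not yet used
  }
  issueChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verify({ clientData, signature }) {
    const signed = Buffer.from(clientData);
    if (!nodeCrypto.verify('sha256', signed, this.publicKey, signature)) return 'bad-signature';
    const { challenge, origin } = JSON.parse(clientData);
    if (origin !== this.origin) return 'wrong-origin';             // signed for another site
    if (!this.pending.delete(challenge)) return 'stale-challenge'; // replayed or unknown
    return 'ok';
  }
}

// Constructed scenario: one real sign-in and three ways a sign-in is rejected.
function demo() {
  const device = createPasskey();
  const site = new RelyingParty('https://shop.example', device.publicKey);
  const good = signAssertion(device.privateKey, site.issueChallenge(), site.origin);
  const first = site.verify(good);
  const replay = site.verify(good); // same assertion presented a second time
  const phished = site.verify(signAssertion(device.privateKey, site.issueChallenge(), 'https://shop-login.example'));
  const stolenPublicKeyOnly = site.verify(signAssertion(createPasskey().privateKey, site.issueChallenge(), site.origin));
  return { first, replay, phished, stolenPublicKeyOnly };
}

console.log(demo());
```

The last case models a leak of the server's database: knowing the public key does not let anyone produce a signature the server will accept.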
Final remarks on the subject
All in all, I think the current circumstances support the stance that passkeys will replace passwords, and the future of basic internet security is to be passwordless. The pros also heavily outweigh the cons: from avoiding human error to avoiding hackers and phishing, passkeys offer way more security than passwords.
YouTube: Passkeys in Action (Christiaan Brand, Product Manager, Google, with Megan Shamas, Sr. Director of Marketing, FIDO Alliance)
Photo credit: The feature image is symbolic and has been done by Hay Dmitriy.