A lot of security concerns revolve around passwords because of their many weaknesses. However, we may be headed towards a future where attacks on passwords are largely a memory.
This is thanks to passkeys, a new type of authentication that sidesteps many problems of passwords while also offering incredible convenience. Let’s learn about them and their many advantages.
What Is a Passkey?
A passkey is a new type of login authentication that serves as an alternative to a password, while packing in the benefits of two-factor authentication to boot. It allows you to sign into apps and websites using the security methods that are already part of your device.
For example, instead of having to remember a password for your Google account (or sign into your password manager), you sign in using your iPhone’s Face ID, or the fingerprint scanner on your laptop. This allows a private “key” stored on your device to authenticate with the public “key” that the website holds, confirming that you’re the right user and letting you access your account.
Passkeys work using a similar concept to the chips in modern credit cards. When you insert the chip of your card to make a purchase, a one-time code is generated. This number is useless outside of that specific transaction, so it’s not a danger if someone steals it.
Passkeys work in the same way. When you authenticate with your device’s security measure, the code this action generates is only valid for a single login to the website in question. It’s thus useless to attackers for anything outside of that event.
How Passkeys Improve on Passwords
Passwords have various problems, which mostly stem from human nature. These include:
- A strong password is complex and thus hard to remember. This leads to many people creating weak passwords and using the same few passwords across websites, which is terrible for security.
- Passwords can be stolen through social engineering. Attackers regularly send phishing emails and text messages to bait you into handing over your credentials.
- Some weaknesses of passwords can be alleviated by using two-factor authentication, but this is an additional step not everyone takes. Plus, not all two-factor authentication methods are equal.
Password managers solve a lot of these problems, but they’re not perfect. There’s a lot involved in the initial setup of a password manager, and they don’t always work seamlessly across devices. Plus, if your password manager were compromised, an attacker would have access to your entire password library.
Meanwhile, passkeys elegantly solve these problems. Because there’s nothing to remember (other than perhaps a PIN you use to log into your device), you don’t need to make and memorize a strong password for every site. The login process is smoother, as you can log into every site using the same method.
Importantly, passkeys can’t be stolen through phishing. Because each passkey is only valid with the site it’s created for, an attacker can’t use a fake site to trick you into providing a passkey. The protections of two-factor authentication are also built into the process, because you need something you have (your device) and something you are (your fingerprint or face scan) to log in. This prevents someone across the world from stealing your login.
If you haven’t used passkeys before, the closest equivalent is using Face ID on your phone to unlock your password manager and autofill a password into an app. With the same security step you use every time you unlock your device, you’ve authenticated your login with minimal hassle.
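To make the single-use login code and the site binding described above concrete, here is an added example in Node.js; it is not from the original article or from any vendor. It is a simplified model of the exchange, not the real WebAuthn message format, and the function names and the `shop.example` origins are made up for the illustration.

```javascript
// Simplified model of a passkey login (added example; not real WebAuthn message formats).
const nodeCrypto = require("node:crypto");

// Registration: the device makes a key pair for one site; the site stores only the public key.
function createPasskey(site) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { site, privateKey }, server: { site, publicKey, pending: new Set() } };
}

// Site: issue a fresh random challenge for every login attempt and remember it.
function newChallenge(server) {
  const challenge = nodeCrypto.randomBytes(32).toString("base64url");
  server.pending.add(challenge);
  return challenge;
}

// Device: after the local Face ID / fingerprint / PIN check (assumed to have passed),
// sign the challenge together with the origin the browser is really connected to.
// Assumption for this demo: the device signs for any origin so the site-side check is
// visible; a real authenticator would not offer the passkey on another site at all.
function signLogin(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Site: accept only a valid signature over its own origin and an unused challenge.
function verifyLogin(server, { clientData, signature }) {
  const { challenge, origin } = JSON.parse(clientData);
  if (origin !== server.site) return "wrong-origin";
  if (!server.pending.delete(challenge)) return "unknown-or-replayed-challenge";
  const valid = nodeCrypto.verify("sha256", Buffer.from(clientData), server.publicKey, signature);
  return valid ? "ok" : "bad-signature";
}

// Constructed scenarios: a normal login, the same response captured and sent again,
// a response produced on a look-alike site, and a response signed by another device's key.
function demo() {
  const site = "https://shop.example";
  const { device, server } = createPasskey(site);
  const otherDevice = createPasskey(site).device;
  const login = signLogin(device, newChallenge(server), site);
  return {
    first: verifyLogin(server, login),
    replay: verifyLogin(server, login),
    phished: verifyLogin(server, signLogin(device, newChallenge(server), "https://shop-login.example")),
    wrongKey: verifyLogin(server, signLogin(otherDevice, newChallenge(server), site)),
  };
}
console.log(demo());
```

The private key never leaves the device object, and the only thing that crosses to the site is a signature tied to one challenge and one origin.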
Can I Start Using Passkeys Now?
Passkeys started properly rolling out in 2023, so they haven’t seen wide adoption yet. However, several popular services are compatible with them, allowing you to give them a try today if you’re interested.
Take a look at 1Password’s Passkeys Directory for a live list of accounts that support this new authentication method. At the time of writing, popular options include Amazon, Google, Microsoft, Best Buy, and PayPal. You may be prompted to try using a passkey when you sign in, or you can go into your account options to switch to this security type.
Several password managers, including 1Password, offer support for passkeys as well. If you’re already protecting your online life with a password manager, you can upgrade to this more secure option without much of a change in your workflow.
Passkeys Solve Many Password Problems
While passkeys can’t fully eliminate security attacks and will take time to see widespread usage, they’re an excellent step toward a more secure future that’s also simpler for everyone. Rather than having to create and protect hundreds of passwords, passkeys let you use your device to sign in without worrying about extra steps.
Until then, it’s wise to make sure your password manager is as secure as possible.