Passkeys – the key to a password-free future
Have passwords, password managers and multi-factor authentication become things of the past? It seems so. Providers such as Google and Apple are already using passkeys. But how does this new login method work, and how secure is it really?
With passkeys, you will in future be able to log in to various online services without needing to enter your password. Instead, you will authenticate yourself via your smartphone or tablet using a PIN, a master password, facial recognition or a fingerprint. Not only is this faster and more convenient; it is also more secure than traditional login processes. Passkey technology has been developed by Google and the FIDO Alliance (FIDO = Fast Identity Online) – which also counts companies such as Microsoft, Apple and Amazon among its members.
How do passkeys work?
A passkey consists of two different keys, which work together to enable you to log in. The public key is stored by the online service you are using – whether a website or an app – while the second, private key is stored on your smartphone or tablet. This private key is one half of an asymmetric cryptographic key pair and consists of a very long, randomly generated sequence of characters. Nobody – not even you – knows what this key is made up of.
It sounds complicated, but it’s practical and easy to use in everyday life, because the technology does almost everything for you. The online service doesn’t ask for your data, but instead asks your device to confirm its request. The process is similar to the authentication process used in e-banking.
What makes passkeys so secure?
Passkeys eliminate the risk of phishing and other cyberattacks by reversing the traditional authentication process. The trick is that the connected device generates a new password for every login. This makes it impossible for hackers to steal your password because it will be invalid at the next login attempt. If you authenticate yourself using facial recognition or a fingerprint, and without a PIN or master password, nobody else can log in using passkeys in your name.
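The two sections above describe the service asking the device to confirm a request, and a login response that is worthless the next time. The following is an added example, not code from this page or from any provider: a simplified Node.js model of that exchange, in which the per-login value is a signature over a fresh random challenge. The function names and the two origins are assumptions made for illustration, and real WebAuthn messages carry more fields than shown here.

```javascript
// Added illustration: a simplified passkey login, not the full WebAuthn message format.
const crypto = require('crypto');

// Registration: the device creates the key pair; only the public key leaves it.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, service: { publicKey } };
}

// Service: a fresh 32-byte random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: after the local PIN/biometric check (not modelled here), sign the
// challenge together with the origin the browser is actually connected to.
function deviceSign(device, challenge, origin) {
  const message = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign('sha256', message, device.privateKey);
}

// Service: verify with the stored public key, using the challenge it issued
// and its own origin. Nothing secret is ever stored on this side.
function serviceVerify(service, challenge, expectedOrigin, signature) {
  const message = Buffer.concat([challenge, Buffer.from(expectedOrigin, 'utf8')]);
  return crypto.verify('sha256', message, service.publicKey, signature);
}

function demo() {
  const ORIGIN = 'https://shop.example';          // constructed sample origin
  const LOOKALIKE = 'https://shop-login.example'; // constructed look-alike origin
  const { device, service } = registerPasskey();

  // 1. Normal login: the response matches the challenge and the origin.
  const c1 = newChallenge();
  const sig1 = deviceSign(device, c1, ORIGIN);
  const genuine = serviceVerify(service, c1, ORIGIN, sig1);

  // 2. A captured response is useless for the next login: new challenge.
  const replayed = serviceVerify(service, newChallenge(), ORIGIN, sig1);

  // 3. A response produced on a look-alike site is bound to the wrong origin.
  const c3 = newChallenge();
  const phished = serviceVerify(service, c3, ORIGIN, deviceSign(device, c3, LOOKALIKE));

  return { genuine, replayed, phished };
}

console.log(demo());
```

Only the first check succeeds: the service accepts a response only for the challenge it has just issued and for its own origin.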
Passkeys in review
There’s no shortage of hype about passkeys from experts. But every technology has its advantages and disadvantages. Here is a brief summary:
Advantages
- You no longer have to come up with creative passwords, memorise them and enter them manually.
- No more time-consuming two-factor authentication.
- Nobody can steal your password because you no longer have a password known to you.
- Access is more secure than with any other system used to date, and hackers are locked out.
Disadvantages
- You can only access your accounts with your own verified device.
- If your biometric identification (e.g. facial recognition) is compromised, you will not be able to log in if you have selected this authentication method.
- You can no longer share an account, such as Netflix or Amazon Prime, with others.
- If you are threatened, someone can quickly gain access using your facial recognition or fingerprint.
Where can I use passkeys already?
Some major tech companies already rely on passkeys. For example, the system is integrated into Apple’s iCloud Keychain and the Google Account. You can find out how to activate them with Apple, Google and Microsoft in the linked step-by-step instructions from the providers. Also see the Passkeys directory for an alphabetical list of other services that already support passkeys.