Passwords have been the standard authentication method for decades but are becoming increasingly insecure. Passwords can be easily guessed, stolen, or hacked, and many users reuse the same passwords for multiple accounts. This makes it easy for attackers to access multiple accounts if they can compromise just one password.
Passkeys are a new type of authentication credential that is more secure and easier to use than passwords. Google recently announced it would make passkeys the default user sign-in method—a significant step towards phasing out passwords altogether.1
What Are Passkeys?
Passkeys are digital keys stored on your device to sign in to websites and apps. They are based on public key cryptography, which is the same type of cryptography that is used to protect HTTPS [think secure Internet page] connections.2
- Some examples of common passkeys include:
- A fingerprint or facial scan
- Authenticator apps that generate one-time passwords (OTPs)
- A physical security key, such as a YubiKey
- A Bluetooth LE device, such as a smartphone
- A combination of any of the above
To use a passkey, you usually first need to create it on your device. You can do this by using your device’s built-in security features, such as fingerprint scanning or facial recognition. Once you have created a passkey, you can sign in to any website or app supporting passkey.
When you sign in to a website or app using a passkey, your device sends the passkey to the website or app. The website or app then verifies the passkey with your device. If the passkey is valid, it signs you in.
The Benefits of Passkeys
Right now, only a limited number of websites and apps support passkeys. However, support for passkeys is growing rapidly, and most security experts expect more and more websites and apps to support passkeys shortly.3
Passkeys offer several benefits over passwords, including:
- Increased security: Unlike passwords, attackers can’t guess, steal, or hack passkeys.
- Improved usability: You don’t need to remember them.
- Reduced risk of phishing attacks: Attackers can’t trick you into revealing your passkey to them.
The phase-out of passwords and the rise of passkeys is a positive development for security and usability. Passkeys are more secure than passwords and easier to use. As more and more websites and apps support passkeys, users can expect to see a significant reduction in the number of phishing attacks and other security breaches.
How To Get Started
The first step to using passkeys is to make sure that your device supports them. If not, you’ll need to update your device’s software or buy a new one.
Once you’ve confirmed that your device supports passkeys, you can enable them by using the built-in security features.
Get More Information on How You Can Use Passkeys
Contact us to see if you should start implementing passkeys as part of your cybersecurity protocols, and what the best way might be to do it for your organization.
- Google’s Passkey Popularity Leaves Passwords in the Dust – The National CIO Review
- What are passkeys? Experience the life-changing magic of going passwordless | ZDNET
- Should You Use Passkeys Instead of Passwords? – Consumer Reports