In a bid to bolster security while simplifying the login process, tech giants like Microsoft, Google, and Apple have joined forces to introduce passkeys. These passkeys offer a promising alternative to traditional passwords, reducing the risk of theft by hackers. But how do they work, and where can you use them? Here’s a comprehensive guide to passkeys.
Passkeys represent a departure from conventional passwords, serving as a more extensive and cryptic form of authentication. Unlike passwords, you won’t directly encounter your passkey; it operates entirely within your device’s domain.
In technical terms, passkeys are cryptographic entities rooted in the principles of public-key cryptography. They consist of public keys, securely stored on cloud servers, and private keys housed on specific devices, such as your smartphone or laptop. This combination ensures robust protection against unauthorized access to your device and data, making passkeys an effective deterrent against phishing attempts.
How Passkeys Function
To initiate a secure login using passkeys, your device employs biometric authentication (e.g., fingerprint or facial recognition), a PIN, or a swipe pattern. A single login is all it takes, followed by a passkeys notification prompting you to approve the login request.
Setting Up and Using Passkeys
You can establish passkeys in two ways: during the creation of a new account or by replacing an existing password with a passkey.
When creating a new account with a passkey, you’ll provide a username or email address. Your device will then generate an encryption key pair for your account, and authentication will be conducted through biometrics, a PIN, or a swipe pattern—depending on your device’s default settings. Your passkey will be securely stored and synchronized across all your devices.
Alternatively, for existing accounts, you can upgrade to a passkey-based login. Log in using your current username and password, and you’ll receive a prompt to transition to a passkey. Both your original password and the new passkey will be stored, but subsequent logins won’t require the old password.
Passkey-Compatible Sites and Services
While passkeys are gaining traction, they are still relatively new. As of mid-2023, several notable websites and services support passkeys, including PayPal, Shopify’s Shop, Instacart, KAYAK, Robinhood, Adobe, Tailscale, GitHub, TikTok (on iOS), Best Buy, Cloudflare, and eBay.
Password management company 1Password operates Passkeys. directory, a platform listing websites that currently support passkeys. Some password managers, like Bit warden, are also integrating passkey support.
Passkeys are compatible with a range of devices thanks to collaborative efforts by tech giants adhering to FIDO Alliance and W3C standards. They are supported on iPhones running iOS 16 or later, Android smartphones (requiring a screen lock), and Windows 10 or 11 PCs through Windows Hello. Major web browsers like Safari, Chrome, Edge, and Firefox also offer passkey support.
The Security of Passkeys
Passkeys offer significant security enhancements over traditional passwords. They are longer, enhancing protection, and do not necessitate manual entry, eliminating the need to remember them. The device and web server securely store passkeys, requiring only biometric or other authentication methods for validation.
This robust security resists brute force attacks and renders most phishing techniques ineffective. Passkeys are too complex for contemporary hacking software to swiftly guess. Intercepting them is unfeasible, as only the private key can accurately resolve and accept the server’s presented events.
Furthermore, sharing passkeys with third parties is impossible, thwarting phishing attempts and enhancing security.
In the ever-evolving landscape of online security, passkeys offer a promising path toward more robust protection against data breaches and hacker attacks. To bolster your data security further, consider exploring the best antivirus software and VPN services available.