Access with passkey
Is the traditional password obsolete?
The classic password could soon be a thing of the past.
© New Africa/Shutterstock.com
Because passwords are a security risk, the tech industry is working on a new login standard to overcome them.
Again and again, criminals take advantage of weak passwords. This sometimes has dire consequences – up to and including theft of the entire digital identity. And even if you have chosen a secure password, it is basically possible for hackers to access this too. Many IT, finance and shopping giants have now recognized this problem. The world’s largest tech companies have formed an alliance and are working to implement a security standard that is intended to make traditional passwords superfluous. What does this mean for users?
Numerous sites and portals on the web today rely on two-factor authentication, and banking institutions also secure transactions accordingly. However, many addresses can still only be reached via passwords. The FIDO Alliance was founded with the intention of changing that and developing both more secure and more convenient login methods.
Industry giants explain traditional password for outdated technology
FIDO stands for “Fast Identity Online” and is intended to do no less than throw the concept of the password overboard. In the meantime, the chances are not bad, because well-known allies have joined the alliance in recent years. From the shipping giant Amazon to the IT top dogs Apple, Google, Microsoft and Samsung to the meta group or money service providers such as Mastercard, Visa and PayPal, large companies support the idea of replacing the password. To log in, looking at the camera, which has become normal for many people, or tapping on the fingerprint sensor would then be sufficient to log in online – be it in social networks, with mail services, on bank portals, for online shopping, and, and, and.
Users need a so-called “passkey”. If users register with an online service or on a website, a new, matching and encrypted pair is created on their own device – such as a smartphone. While one of these keys migrates publicly to the respective service and is linked to the account, the other remains private on the device. The latter can then only be used to unlock if the user confirms his or her identity on the local device. This can happen via biometric data such as facial recognition or fingerprints, but also via a device PIN. Ultimately, logging in is just as easy for the user as unlocking the cell phone.
This should also work across platforms, for example if a user wants to log in to one site on both a laptop and a cell phone. The biometric information should the smartphone never left, according to FIDO. And the keys should therefore not contain any information that could be used by services to track users.
More convenience when logging in
The increased convenience of a FIDO login is obvious: Without having to take operating systems or individual service providers into account, users are offered a standardized login and registration method that is significantly more secure than the classic password.
Accessing the access data on multiple devices, even on a brand new smartphone, should also be possible in the future beyond the competition – just like logging into apps or websites on nearby devices. Apple explains, for example, that passkeys can be synchronized on all of a user’s devices via the end-to-end encrypted iCloud keychain.
Apple, Microsoft and Google have recently been in charge of the necessary technology and want to offer it on all platforms from 2023, because billions of devices worldwide already have the technical requirements.