PayPal adopts passkeys, access keys (or codes) which should replace passwords. The online payment giant starts with Apple, before expanding its effort to Microsoft (Windows) and Google (Android)
Passwords aren’t dead yet, but the grave is already dug. We already know the name of the device that will succeed them: the “passkeys” (keys or access codes in French). And we now know one of the first services to switch to this new system: it is PayPal. On October 24, 2022, the online payments giant announced that it was starting to support passkeys.
Gradual deployment at PayPal
In fact, PayPal is even one of the very first to position itself on passkeys, because it is still a very young device. The company’s announcement coincides with the arrival of passkeys in Apple’s software ecosystem: these access keys have been available since October 24, with the deployment of the Safari browser in version 16.1 and the arrival of macOS Ventura.
No need to rush to your PayPal account, however, even if you have Apple products. Deployment begins in the United States. For other countries, the company is counting on a calendar from 2023. It will also be on this date that support for passkeys will be extended to other technological platforms – in this case, Android and Windows.
The strategy with passkeys is to provide a universal and interoperable password replacement solution. To do this, Apple, Google and Microsoft have formed an alliance this spring and each is working to integrate these codes into its environment. Apple talked about it at a conference in early June and Google is starting to adapt Android and Chrome.
What exactly are passkeys?
The passkey movement goes beyond the Big 3 tech: passkeys are an industry standard created by the Fido Alliance and the W3C consortium that replaces passwords with cryptographic key pairs. PayPal is a member of the Fido Alliance, like countries, and other tech groups (Amazon, Intel, Facebook, Netflix, Twitter, Sony, Samsung, etc.).
The arrival of passkeys does not in any way mean the end of passwords on PayPal. The platform just adds an additional connection solution, which aims to be easier to use and more secure, because these codes have the merit of erasing common weaknesses in passwords. Internet users are free to adopt it or not.
The system proposed by Apple involves unique access codes, which remain on the device. They are never stored on a web server. They can circulate between different devices belonging to the same individual (iPhone, iPad, Mac, etc.), via end-to-end encryption and the iCloud keychain.
This mechanism protects them from a data leak caused by an intrusion on a computer server, but also from phishing attempts to steal connection information (username / password): they cannot not be reused. Another advantage: there is no need to memorize them, because it is biometrics (Face ID or Touch ID) that will be used.
