mathisworks/Getty Images
You probably use a lot of passwords. Even with the help of password managers, passwords are becoming more and more of a burden for most people.
Gone are the days when you could use and reuse weak passwords like mypassword123. Now all your online accounts must be protected with passwords that are both complex and unique.
And you need to remain vigilant in case one of your many passwords is compromised. There must be a better solution. And there is one. THE passkeys (which can be translated as access key).
What is a passkey?
Passkeys are an authentication method for websites and apps that was popularized by Apple in June 2022 when the company added support for passkeys (yes, it’s a common name and so it’s spelled in lowercase) in iOS and MacOS. However, this is not Apple proprietary technology. It is a standard promoted by Google, Apple, Microsoft, the World Wide Web Consortium and the FIDO Alliance.
Passkeys are cryptographic keys and each passkey consists of two keys: a public key registered with the online service or application, and a private key stored on a device such as a smartphone or computer.
This all sounds complicated, but passkeys were designed to be easy to use. In fact, to log in using a passkey, you will use your face, fingerprint or PIN, the same way you unlock your smartphone.
Passkeys in action. Adrian Kingsley-Hughes/ZDNET
You see ? No password in sight. There is nothing to remember (except sometimes a common code) and nothing to accidentally pass on to a hacker.
Passkeys also get around the problem of syncing passwords between your devices.
Let’s say you normally sign in to your Google account using a smartphone, but you want to do so using a laptop. This is no problem even if the password is not synced with the laptop, as long as the smartphone is within Bluetooth range of the laptop and the user approves the connection.
What’s even more awesome is that the key is not transferred between smartphone and laptop. After confirming the connection, the user even has the option to create a key on the laptop.
Isn’t logging into a website or app with your fingerprint or face risky?
No.
No biometric information is sent to the website or application you access; This biometric information is only used to unlock your device password.
Biometric information never leaves the device.
What do I need to use the passkeys?
Here are the configuration requirements to use the passkeys:
- A system running at least Windows 10, MacOS Ventura or ChromeOS 109
- A smartphone or tablet running at least iOS 16, iPadOS 16 or Android 9
- Optional: A hardware security key that supports the FIDO2 protocol.
The computer or mobile device you use must also be equipped with a compatible browser, such as:
- Chromium 109 or higher
- Safari 16 or higher
- Edge 109 or higher
The major technology players (Apple, Google and Microsoft) all have additional information on the use of passkeys on their platforms.
Which websites support passkeys?
You can find a list of websites that support passkeys at passkeys.io.
Some of the most popular websites and apps that support this technology include Adobe, Google, PayPal, TikTok, Nintendo, and GitHub.
How can I get an idea of how passkeys work?
If you’re not yet ready to take the plunge and start using passkeys, the best way to experience how they work is to use the demo at passkeys.io. It will guide you through the process of creating a passkey and using it to log into a site.
Using passkeys.io. Adrian Kingsley-Hughes/ZDNET
If you’re ready to take the plunge, start by securing your Google account using Passkeys. Not only has Google simplified the process, but detailed documentation is also available.
Are passwords dead?
Unfortunately, we are still very, very, very far away. Passkeys, like hardware security keys, can harden accounts and online services that support this functionality.
You will need passwords and password managers for a long time to come.
Source: “ZDNet.com”