Hello everyone and welcome to ZD Tech, ZDNet’s daily editorial podcast. My name is Guillaume Serries and today I’m telling you why we will pass from passwords to passkeys. And above all, why it is better.
Goodbye passwords? The password manager editor 1Password has just announced that in 2023 it will support password keys, or access keys. And a demo is already available.
But what are passkeys? “Passkeys” is the term in English, use the WebAuthn standard, created by the FIDO Alliance and the World Wide Web Consortium – the W3C – and are used to replace passwords with pairs of cryptographic keys.
Public key and private key
This pair is composed of a public key which can be shared and a private key which cannot be shared, and which allows users to log in to accounts.
WebAuthn is supported by Google Chrome, Apple Safari, and Microsoft Edge. WebAuthn keys also work with biometric systems like Apple’s Face ID and Microsoft’s Windows Hello.
1Password will therefore join Apple, Google and Microsoft who have already made passkeys available to developers and users for their respective browsers and operating systems.
Passkeys are more resistant to phishing than passwords
Last month, PayPal added support for iPhone, iPad and Mac passkeys to log in to paypal.com.
But what is the difference between passkeys and passwords? Well, passkeys are more resistant than passwords to phishing and brute force attacks on passwords. They also make it possible to dispense with a two-factor authentication code, which makes passwords more secure.
1Password claims that the main advantages of passkeys are that they are strong by default, and more importantly that there is no need to remember them since they are stored on the device.
Above all, the private key is not shared with the website to which one connects. And finally, the public key cannot be used to guess the private key.