For those of us who have spent decades juggling an ever-expanding list of passwords, it’s easy to yearn for simpler times. Or, like many people, you run the risk of a hack on one site exposing a password you reuse on another (yeah, people do this because they can’t memorize so many passwords). In our world where the lines between our online and offline lives continue to blur, the need for stronger, yet more convenient security measures has become increasingly urgent. How to solve that conundrum? Enter “passkeys.”
What Are Passkeys?
Passkeys are at the forefront of a digital revolution aimed at simplifying while fortifying our online security. This innovative technology, championed by tech giants like Apple, Microsoft, and Google, is rooted in the Fast IDentity Online (FIDO) Alliance’s mission to create a safer alternative to traditional passwords.
In essence, a passkey is a FIDO credential securely stored on your computer or smartphone, serving as your key to unlock your online accounts. These passkeys utilize public key cryptography to ensure that only you, the rightful owner of the credential, can access your accounts.
The Passkey Advantage
Passkeys eliminate the need to remember an ever-expanding list of complex passwords, making the sign-in process simpler and more secure. How does it work?
- On your smartphone, you can unlock your accounts by simply unlocking your phone. The passkey takes care of authentication, and you’ll no longer need a traditional password.
- On your computer, having your phone nearby allows you to unlock your accounts. Your phone acts as the key, granting you access on your computer.
- Or you can carry around an actual physical security key, a small external device that looks like a thumb drive or tag, (like this one) which gets used for verification when signing into your accounts.
A Passwordless Future
The ultimate goal of passkeys is to replace traditional passwords and eliminate the need for security “Band-Aids” like security questions, multi-factor authentication, and authenticator apps. By making use of public key cryptography, passkeys can validate your identity without the need for the server to know the actual passkey. It’s a revolutionary shift in online security.
The Role of Public Key Cryptography
Public key cryptography, a concept dating back to the 1970s, forms the foundation of passkeys. It’s what enables secure connections on the web, as exemplified by Secure Sockets Layer (SSL) and Transport Layer Security (TLS). In the context of passkeys, this cryptography ensures that the user’s device, confirmed by biometrics, possesses the passkey without revealing the passkey’s actual content. It’s a magic trick of sorts—authentication without the need for the server to know your passkey.
Why Were We Stuck with Passwords for So Long?
The evolution of passkeys was held back by the need for computing power. Until around 2010, most individuals didn’t carry powerful pocket computers (smartphones) with them. Now, with the widespread availability of smartphones, passkeys are set to revolutionize online security.
Lost Your Phone? No Worries!
One common concern is what happens if you lose your phone. Passkeys are designed to be incredibly secure in this regard. Possession of your device, along with your unique biometric identifiers, is essential to access your accounts. If someone gets hold of your device, they can’t use your passkey. And if you lose your device, you can easily create a new passkey on your replacement device.
Passkeys are more secure and user-friendly, promising a passwordless future that finally relieves us from the burdens of complex passwords while providing robust protection for our online identities. This exciting leap in online security ensures that the future of authentication is as convenient as it is secure.
So how do you set up a Passkey? Simple!
1. Log into an account that supports them like @BestBuy:
2. Follow their instructions:
3. You’re done:
Google just announced that Passkeys will be the default on their platform
and Apple now supports Passkeys in iOS 17 and MacOS.