Passwords are a pain. We all know it. They are hard to remember, easy to forget, and often compromised by hackers. However, what if there was a better way to sign in to online accounts? A way that is faster, easier, and more secure than passwords? Well, there is. It is called passkeys.
Passkeys are a new standard for web authentication aiming to replace passwords with biometric sensors, PINs, or patterns. With passkeys, users no longer have to enter a username or password, or provide any additional authentication factor. Rather, they can just use their fingerprint, face, or other biometric feature to unlock their device, and then, if necessary, tap or scan a QR code to sign in to any website or app supporting the feature.
Unlike traditional usernames and passwords, passkeys are based on the WebAuthn protocol, which is an open standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. WebAuthn uses public-key cryptography to create a unique digital key for each user and each website or app. The key is stored in an encrypted format on one’s device, and is never shared with anyone else. So even if a hacker manages to steal the passkey from a website or app, they will not be able to use it to sign in to any other website or app, or even the same one on a different device.
Passkeys are also resistant to phishing, which is one of the most common ways hackers trick users into revealing their passwords. Passkeys essentially eliminate falling victim to fake emails, websites, or apps trying to impersonate legitimate ones. Users will be able to easily verify the authenticity of the website or app by scanning with their chosen biometric device. If the passkey matches the website or app, users can proceed with confidence. If not, they can simply abort the sign-in process and report the phishing attempt.
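The per-site key pair and the phishing resistance described in the two paragraphs above can be seen in the checks a website runs on a WebAuthn sign-in. The following Node.js sketch is an added example, not code from the original article or from any vendor; the hostnames, the helper names makeAssertion and verifyAssertion, and the simulated authenticator are assumptions made for illustration.

```javascript
// Added example: WebAuthn sign-in checks on the relying-party (server) side.
const { createHash, sign, verify, generateKeyPairSync, randomBytes } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Simulated authenticator (assumption, stands in for the device): signs
// authenticatorData || SHA-256(clientDataJSON) with a key that never leaves it.
function makeAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin, // written by the browser, not by the page's script
  }));
  // authenticatorData: rpIdHash (32 bytes) | flags (0x05 = UP|UV) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: sign('sha256', signed, privateKey) };
}

// The server stores only the public key registered for the account.
function verifyAssertion(a, publicKey, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed values: example.com is the real site, examp1e.com a look-alike.
// A real browser would not release an example.com credential to that origin;
// the assertion is built here only to exercise the server-side check.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { rpId: 'example.com', origin: 'https://example.com', challenge: randomBytes(32) };
  const mk = (origin, challenge) => makeAssertion(privateKey, 'example.com', origin, challenge);
  const cases = [
    mk('https://example.com', expected.challenge), // genuine sign-in
    mk('https://examp1e.com', expected.challenge), // look-alike origin
    mk('https://example.com', randomBytes(32)),    // stale or replayed challenge
  ];
  return cases.map((a) => verifyAssertion(a, publicKey, expected));
}

console.log(demo());
```

Only the first case is accepted: the browser records the origin it is actually on and the authenticator signs over it, so a response produced on a look-alike page fails verification, and the server never holds anything but the public key.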
Besides being infinitely more secure, convenient and user-friendly, passkeys are already supported by some of the biggest names in the tech industry, such as Google, Microsoft, Apple, Facebook, Nintendo and many more. As the industry moves towards safer logins for users, compromised passwords will, hopefully, eventually become a thing of the past.
Given how passkeys are stored ‘on device’, some may be wondering, “what if I get a new phone/laptop?” The good news is most major providers, namely Apple, Google and Microsoft, have thought about this, which is why they store one half of the key in the cloud for transferring between devices. Generally speaking, most modern devices are already secured with biometric authentication, ensuring passkeys remain protected in the event of the device being stolen.
To try out how the entire passkeys system works, visit passkeys.com or fidoalliance.org/passkeys. Doing so provides a host of additional information and instructions on how to set up passkeys on user devices and how to enable them on supported websites and apps. Google’s video on the topic (embedded below) is excellent for those who might still be on the fence about this change. With all of the above in mind, let us rejoice in the prospect of a more secure and password-less future!
Owner, founder and editor-in-chief at Vamers, Hans has a vested interest in geek culture and the interactive entertainment industry. With a Masters degree in Communications and Ludology, he is well read and versed in matters relating to video games and communication media, among many other topics of interest.