Home / Security / What are passkeys? Experience the life-changing magic of going passwordless

What are passkeys? Experience the life-changing magic of going passwordless

Passkey concept

mathisworks/Getty Images

You probably have a lot of passwords in your life. 

Even with the help of password managers, passwords are becoming more and more of a burden for most people.

Also: 5 quick tips to strengthen your Android phone security today

Long gone are the days of being able to use and reuse rubbish passwords like p455w0rd123. Now, all of your online accounts need to be protected by passwords that are both complex and unique.

And you’ve got to be ever vigilant in case one of your many passwords is compromised.

There’s got to be a better solution. And there is — passkeys.

Passkeys are an authentication method for websites and apps that were first popularized by Apple in June 2022 when the company added support in iOS and MacOS. However, it’s not an Apple technology. Passkeys is a standard that’s promoted by Google, Apple, Microsoft, the World Wide Web Consortium, and the FIDO Alliance.

Also: The best VPN services: Expert tested and reviewed

Passkeys are cryptographic keys and each passkey consists of two keys, a public key that’s registered with the online service or app, and a private key that’s stored on a device, such as a smartphone or a computer.

That might sound complicated, but passkeys have been designed to be easy to use. In fact, to log in with a passkey, you’ll be using your face, a fingerprint, or a PIN in much the same way that you unlock your smartphone. 

The advantage of passkeys is that even if a hacker gets their hands on a website’s public key, the user’s account is still locked because they don’t have access to the private key on the user’s device. 

Passkeys in action

Screenshot by Adrian Kingsley-Hughes/ZDNET

The screenshot above proves the benefits: no passwords in sight, nothing that needs to be remembered, and nothing to accidentally hand over to a hacker.

Passkeys can also help you get around the issue of having to synchronize passwords between your devices.

Also: 6 simple cybersecurity rules to live by

Say you normally log in to your Google account using a smartphone, but you want to log in using a laptop. That’s no problem, even if the passkey isn’t synchronized with the laptop, as long as the smartphone is within Bluetooth range of the laptop and the user approves the login.

What’s even cooler is that the passkey isn’t transferred between the smartphone and laptop, but after confirming the login, the user instead gets the opportunity to create a passkey on the laptop.

No, because no biometric information is sent to the website or app that you are accessing; instead, this biometric information is only used to unlock the passkey on your device.

The biometric information never leaves the device.

Here are the system requirements for passkeys:

  • A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
  • A smartphone or tablet running at least iOS 16, iPadOS 16, or Android 9
  • Optional: a hardware security key with FIDO2 protocol support

The computer or mobile device you are using will also need a supported browser, such as:

  • Chrome 109 or greater
  • Safari 16 or greater
  • Edge 109 or greater

The major tech players — AppleGoogle, and Microsoft — all have more information about how to use passkeys on their platforms.

You can find a list of websites that support passkeys at passkeys.io.

Some well-known websites and apps that support the technology include Adobe, Amazon, Google, GitHub, PayPal, TikTok, Nintendo, WhatsApp, Shop by Shopify, and X. Recently, we’ve seen eBay and Uber adding support for passkeys.

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

Passkeys are growing in popularity, and fast.

Yes, Google is now asking users to create a passkey and to use that passkey as the default login. 

Using a passkey to log in to your account is about 40% faster and a lot more secure than using passwords. Google’s reach means its decision will not only help spread the word about passkeys, but it will encourage other online services to do the same. 

Also: The best VPNs for streaming your favorite shows and sports

In fact, Google is clear that its plan is to make “passwords a rarity, and eventually obsolete”.

Not ready to use a passkey for Google yet? You can skip this option and continue to log in to your account the old way. 

Passkeys should work, whether you use a service that’s via the browser or an app.

But the experience might not be universal. For example, Amazon has just rolled out support for passkeys, but support in the app is currently only available for iOS users. These are early days for passkeys, and soon we can expect accross-the-board support.  

If you’re not yet ready to take the plunge and start using passkeys, the best way to experiment with how they work is to use the demo over on passkeys.io. It will guide you through the process of setting up a passkey and how to use it to log in to a site.

Using passkeys.io

Screenshot by Adrian Kingsley-Hughes/ZDNET

If you’re ready to take the plunge, a great place to start is by securing your Google Account with a passkey. Not only has Google made the process easy, but there’s also extensive documentation available.

Three password managers that I’ve tried are Dashlane1Password, and Bitwarden. These tools will help ease the transition from passwords to passkeys. 

Source link

About admin

Check Also

Grab the best weatherproof Wyze Cam alternative for just $40 this Memorial Day right now

Maria Diaz/ZDNET What’s the deal? The all-new Blink Mini 2 is now available for $30 ...

Leave a Reply

Your email address will not be published. Required fields are marked *