Passkeys: The Beginning Of The End Of Passwords

Source: Vector Choice - URS Preferred Partner.

In May, Google began rolling out passkeys, calling them "the beginning of the end of the password." Passwords have been with us since the mid-1960s, decades before computers became mainstream. But with more sophisticated cybercrime attacks, dated password technology does us more harm than good.

According to a survey by AllAboutCookies, 84% of people still use unsafe passwords (like birthdays and pet names), and over half of survey respondents admitted having five or fewer passwords for all their accounts. Sure, we could do better. But these stats are also a testament to how annoying and ineffective passwords are. Google and other major players in the industry believe that passkeys are the "key" to a simpler - and safer - future.

What Is A Passkey?

Instead of relying on something you remember (like a password), digital passkeys rely on something you have (like a device) or something you are (like a fingerprint or face recognition) for secure authentication.

Here's How Passkeys Work

Passkeys use public-key cryptography. This is how it works: Your device has a pair of keys, a public key and a private key. The public key is shared with whatever website or app you want to access. The private key is stored securely on your device ONLY.

When you try to sign into a site, the site sends your device a digital "challenge" to check if it's really you. The website uses your public key to send a challenge back to your device. Your device then uses the private key stored on it to decrypt and read the challenge - think of it like a decoder ring. The challenge confirms who the user is and sends a message back to the application. If the authentication is successful - i.e., the keys match - the website knows the response truly came from your device. It's like a secret handshake between your devices and the sites you use. This way, a hacker cannot log into your accounts without the private key from your device. This provides an added layer of security compared to passwords.

Try It Out With Google!

If you have a Google account, you can try out passkeys for yourself.

1. Go to g.co/passkeys.

2. Click "Get passkeys" and sign in.

3. Choose "Use passkeys," then follow the prompts!

Note: Passkeys are automatically created for Google devices, but you must be set up separately for other devices.

Why Passkeys Are Better

If you use a passkey, a hacker must have your device (and be logged in), fingerprint or face to log in. Also, passkeys are encrypted on your device instead of on servers, so even if your company's data is breached, they can't access your passkey.

Because companies like Google, Microsoft, Apple and Amazon are already using passkeys, this is sure to be the future of authentication. It will take time for other sites and companies to get on board. Continue to use strong, secure passwords in the meantime and store them in a password manager.

To learn more Contact us