What are Passkeys?

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

If you’ve got any kind of hardware device, such as a computer, laptop or smartphone it’s equally likely you’ll have more than a few passwords. Multiply that by being connected to the internet and the figure likely rises even more. That’s why Passkeys are a recent technological development that’s evolved in the last decade or so and proves super useful if you’re getting tired of having to keep all those log-in details to hand. 

Sure, you could invest in a decent, paid-for password manager package, which helps alleviate a lot of the hassle with having multiple log-in details to think about. However, Passkeys are even more useful, in that it can help to reduce the number of passwords you use as well as making your accounts more secure. Hopefully, Passkey technology will also fend off more attacks by cybercriminals.

What are Passkeys?

Passkey technology is all about improving security and it’s a feature which shares many similarities with two-factor authentication. That works particularly well because, as the name suggests, it requires dual verification of an account before someone can sign-in. Frequently used on phones, the additional hurdle to get through can make life harder for cybercriminals to compromise your smartphone or laptop. 

With Passkeys though, there’s a subtle difference and it surrounds a multi-device Fast Identity Authentication or FIDO authentication, developed by the open industry alliance of the same name. It uses a notification, which is generally sent to an individual’s smartphone during a log-in process and lets them authenticate their credentials. Often, this is done using a PIN or biometric process and thereby removes the need for conventional letter and number combination passwords.

Are Passkeys convenient?

Having a log-in process that makes use of Passkey technology does tend to make life a little bit easier. For a start, it removes the need for a password, but at the same time it allows you to remain logged in to your account so streamlines workflow. There’s less to think about and even fewer hurdles to navigate, especially if you’ve been used to working with multiple accounts and, quite literally, hundreds of passwords. 

The other win with Passkey technology is that it can be deployed across a raft of operating systems and platforms. That makes Passkeys appealing as it simplifies usage with the technology being easy to use for a wide array of users, no matter what their skill levels or usability needs might be. Being based on Bluetooth, instead of Wi-Fi during the log-in process also means users can be more closely scrutinized during the process, because they’ll invariably be right next to the hardware they’re using.

How do Passkeys work?

The Passkey process requires that users register and link to the accounts they want to include in the arrangement, such as web browser access, which is then confirmed by a push notification. This is sent to your smartphone or similar device via Bluetooth connectivity. After unlocking your device, using a PIN or biometric level sign-in, a key is subsequently sent to the web service you wish to use and, if it all tallies, the log-in and access to your required account will be granted. 

One of the big benefits of Passkeys in this respect is that personal details, such as your biometric details, are always kept locally on the smartphone or laptop itself. That does a lot to quell the nerves of folks who get nervous about sharing their personal details, or having their data stored in other locations, such as data servers or cloud-type arrangements.

Are Passkeys more secure?

There’s no doubt that having access to Passkey technology means you’ve got a better safety net surrounding your log-in process than using traditional passwords. The process is much more convoluted from a hacker’s perspective, with the need to have access to your phone as well as being able to use the PIN or biometric details associated with the device. With the added benefit of this all being done via Bluetooth, it makes hacking a device or account remotely much less likely too. 

Considering just how many of us tend to rely on the same few passwords to access multiple accounts (which is never a good idea but the reality for lots of people), Passkeys redraw the security landscape considerably. With Passkeys, there is no password jumble to think about, and if you use one or a few passwords to do lots of things, it should make your online life a lot more straightforward and hopefully more secure too. 

In time, as the larger tech companies come on-board with Passkey technology, it should become even easier to keep multiple accounts locked down tight. Even more so once the tech giants agree to use the same FIDO standard across the different platforms.

Who is on-board with Passkeys?

While the intention to implement Passkey technology has been around for some time now, it has taken moves by the tech giants to really get the momentum going. Microsoft, Apple and Google, as well as other major players in the tech and business sectors, have now given the technology the go ahead by allowing their systems and apps to enable the use of passkeys, following the groundwork done by the FIDO Alliance. 

In fact, Google has now made the leap into letting its own users login to their Google accounts with passkeys, spelling clear just how serious its intentions are in pushing the technology out into the wild. 

In time, the use of Passkeys should, hopefully, reduce the likes of credential phishing and other account takeover attacks that we’ve had to deal with for so long. Better still, Passkeys should also help to reduce our reliance on standard passwords, with all the security weaknesses that come with them. Even if you’re using a quality password manager package, managing countless log-in details can be a chore, that’s for sure. 

Best of all though, while the rise of Passkey technology should make things much more secure, the other major benefit is convenience. By making use of the security capabilities of modern hardware, such as Touch or Face ID, Windows Hello and biometrics in general along with Passkeys, the whole process of accessing your accounts should become much easier and straightforward than it has ever been. That’s a definite step in the right direction.

We've listed the best business VPN.

TOPICS
Rob Clymo

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.

With contributions from