What are passkeys?

For every site we need to access we have an account with a password to remember and even with the help of password managers, these are becoming more and more of a burden for most people.

Long gone are the days when it was possible to use and reuse junk passwords like 123456, password, qwerty etc… Now, all online accounts must be protected by complex and unique passwords, you must also always be vigilant in case one of the many passwords is compromised.

There has to be a better solution for accessing accounts! Indeed there is, they are the passkeys.

Passkeys are an authentication method for websites and apps first popularized by Apple in June 2022, when the company added support in iOS and MacOS, however it is not an Apple technology. Passkeys is a standard promoted by Google, Apple, Microsoft, World Wide Web Consortium and FIDO Alliance.

Passkeys are cryptographic keys and each passkey is made up of two keys, a public key registered with the online service or app and a private key stored in a device, which can be a smartphone or a computer.

It might seem complicated, but passkeys were designed to be easy to use. In fact, to log in with a passkey you use your face, a fingerprint or a PIN, more or less in the same way as you unlock a smartphone.

No password in sight, nothing that needs to be remembered and nothing to accidentally hand over to a hacker, we are simply asked to confirm the access method (fingerprint, PIN…).

Passkeys can also help solve the problem of having to sync passwords between your devices, let’s say you normally log in to a Google account using a smartphone, but you want to log in using a laptop – it can be done, no problem Even if the passkey is not synced to the laptop, the important thing is that the smartphone is within Bluetooth range of the laptop and the user approves the login.

What’s even more interesting is that the passkey is not transferred between the smartphone and the laptop but, after confirming the login, the user has the option to create a different passkey on the laptop.

Logging in to a website or app with your fingerprint or face is not risky because no biometric information is sent to the site or app you are accessing, the biometric information is only used to unlock the passkey on the your device.

Biometric information never leaves the device.

To use the passkey you must have some system requirements, we list them below:

  • A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
  • A smartphone or tablet with at least iOS 16, iPadOS 16 or Android 9
  • Optional: a hardware security key with FIDO2 protocol support.

The computer or mobile device you are using will also need a supported browser such as:

  • Chrome 109 or later
  • Safari 16 or later
  • Edge 109 or higher

The tech giants, Apple, Google and Microsoft, all give more information on how to use passkeys on their platforms.

But which websites support passkeys? You can find a list of websites that support passkeys at passkeys.io.

Some well-known websites and apps that support the technology are: Adobe, Amazon, Google, GitHub, PayPal, TikTok, Nintendo, WhatsApp, and X. eBay and Uber have also recently been seen adding support for passkeys.

Passkeys are becoming more and more popular and fast.

Google goes one step further, it has made the default passkey for all accounts, now it asks users to create a passkey and use it as the default login.

Using a passkey to access your account is about 40% faster and much more secure than using passwords. The very fact that Google is using it means that its decision will not only help spread the word about the passkey, but will encourage other online services to do the same.

The passkeys should work, whether you use a browser service or an app.

But the experience may not be universal. For example, Amazon just rolled out passkey support, but in-app support is currently only available to iOS users. In fact, we are at the beginning of the use of the passkey and we could expect greater support soon.

If you want to get an idea of how passkeys work but aren’t quite ready to take the plunge and start using them, the best way to experiment with how they work is to use the demo at passkeys.io. It will walk you through the process of setting up a passkey and how to use it to access a site.

However, if you are ready to take the plunge, a great starting point is to protect your Google account with a passkey. Google has not only simplified the process, but there is also extensive documentation available.

The question to ask is whether passwords are dead, we are a long, long way from the end of passwords. Passkeys, just like hardware security keys, offer a way to strengthen accounts and online services that support this functionality.

We will need passwords and password managers for a long time to come.