If you’re like most people, you probably have lots of accounts with lots of passwords. Some write them down, while others save them in a browser or password manager. No matter where you keep them, they aren’t safe. Watching the news, you hear about a new security breach at a major company almost daily. If you reuse passwords, your risk of getting hacked increases dramatically, as some hackers get a password for one platform and try it with that email/username on multiple platforms.
The industry tried to fix this by adding Two-Factor (or Multifactor) Authentication. An example of 2FA/MFA is when you are prompted to enter a code sent to your device after entering a password. Unfortunately, hackers found all sorts of creative ways to trick people into providing their 2FA/MFA codes, making them as vulnerable as passwords.
Just for fun, type your email address into Have I Been Pwned to see how many breaches it has been involved in. When you’re sufficiently horrified, come back and I’ll give you some hope.
A Passwordless Future
There is hope for a passwordless future in the form of passkeys. A passkey is like a digital handshake between a “key” on your device and a “key” on the site or server you are trying to access. In order to activate the key that lives on your device, you would use facial/fingerprint recognition or the PIN/password that unlocks the device when logging into the site prompts it. You can’t accidentally give someone this key.
You may already be using a passkey without realizing it. If you ever use your phone to log into a service and a prompted to scan your face/fingerprint or enter your device’s PIN/password, you’re using a passkey.
Passkeys are easier to create than passwords, and they don’t need to be remembered or guarded. Once a passkey is created, it doesn’t need to be reset regularly to maintain security. Passkeys are more secure than passwords, because they are stored on your devices. Hackers would need access to both the key on your device and the key for the website or server you are trying to log into. Unlike usernames and passwords, the keys are kept in different places and are unique to you and your devices. Overall, passkeys are the safest, easiest option, but not all platforms support passkeys yet.
Which Sites Support Passkeys
Many of the largest tech companies and online vendors offer passkeys. Here are some examples – click on one for more information about how to create a passkey:
More platforms and websites support passkeys every day. To see if a site you use offers passkeys, check this growing list of sites that offer passkey login, or check the platform/website’s help files.
Summary
Passkeys are more secure and simpler to use than passwords. Because of the increased security, many platforms are moving to passkeys to authenticate users. Users should switch to passkeys whenever they are offered the opportunity.
