In 1961, MIT computer science professor Fernando Corbato invented the first digital password for a computer designed for research, perhaps without an inkling about the impact his invention would have on society. Fast forward to the 21st century and passwords have almost become synonymous with cybersecurity. However, this is not a positive thing when you look closer.
Despite the efforts to educate people about the importance of using stronger passwords over the years, the most common passwords remain “password” and “123456” revealing how vulnerable most people’s accounts are. Clearly, things aren’t working too well for this authentication method, so big tech has stepped up with a solution – passkeys. In this article, we explore what passkeys are, how you can enable them, and how they could eventually eliminate the need for passwords.
What are passkeys?
Passkeys are a type of security feature that allows users to access their online accounts without using passwords. They are built on the WebAuthentication or WebAuthn standard which uses public-key cryptography to better secure your accounts. Instead of typing a password, users can simply enter a passkey that is sent to their email or phone as a one-time code. This way, users can avoid the hassle of remembering and typing complex passwords, and also protect their accounts from hackers who might try to guess or steal their passwords.
Passkeys can also be used in combination with other security methods, such as biometrics or PINs, to provide an extra layer of protection. They are becoming more popular among online services that want to offer a more convenient and secure way of logging in to their users.
How do passkeys work?
Passkeys work by using public-key cryptography, a technique that involves two related keys: a public key and a private key. The public key is stored on the web server, while the private key is stored on your device.
When you log in, the server sends a challenge to your device, which uses the private key to solve it and send back a response. The server then verifies the response with the public key, without needing to know the private key. This way, no secrets are exchanged or stored on the server, making passkeys more secure than passwords.
What do you need to get started with passkeys?
The good news is that most of the latest phones and PCs can use passkeys, thanks to the collaboration of major tech companies like Microsoft, Google and Apple. These companies have developed passkeys using the standards of FIDO Alliance and W3C.
If you have an iPhone running iOS 16+, iPad running iPadOS 16+ or Mac running macOS Ventura, you can use passkeys with TouchID or FaceID instead of a master password.
If you have an Android phone or tablet running Android 9+, you can use passkeys with Google Password Manager, which is a service that stores and syncs your passwords across your devices. If you have a Windows PC, you can use passkeys with Windows Hello. You can use passkeys on both Windows 10 and Windows 11, as long as you’re logged in with your Microsoft account.
As for your web browser, you can use passkeys with Chrome, Edge, Safari or Firefox, as they all support this new technology. You just need to make sure that they’re updated to the latest version.
How to create and use passkeys
To create a passkey, you need to have an account with a provider that supports passkeys, such as Microsoft, Google, or Apple. Then, you need to sign in to the app or website that supports passkeys and enable the passkey option. Once you do that, you will have a passkey that is unique to your account and device.
Priyamani says ‘half the scenes in The Family Man were improvised’ by Manoj Bajpayee, but Shah Rukh Khan sticks to the script
Bigg Boss Tamil 7: Here’s the list of contestant set to enter Kamal Haasan show
To create passkeys on iOS and macOS, you need to activate iCloud Keychain on your devices first. Then, when you sign up for a new account on a supporting website or app, you can choose to use a passkey instead of a password. You can sign in with a passkey using Touch ID, Face ID, or a QR code.
To create passkeys on Android devices, you can go to g.co/passkeys, sign in to your Google account, and click “Create a passkey”. Follow the prompts to verify your identity and add the device as a passkey. You can repeat these steps on multiple devices.
Will passkeys kill the password?
The answer is not so simple. While passkeys offer many advantages over passwords, such as higher security and easier usability, they also face some challenges, such as compatibility and adoption. Not all websites and services support passkeys yet, and not all users are aware of or willing to use them. But with companies like Google, Apple, and Microsoft pushing passkeys so strongly, it may not be a surprise if passwords vanish completely in the near future.