Passwords Are Passé: The Brave New World of Passkeys
Remember when passwords were simple? Maybe your dog’s name, or your birthday? Your phone number? Unfortunately, those days are gone. Hackers have become incredibly clever, and simple passwords won’t protect your accounts anymore. But wait! There’s a new, easier, and much safer way to log in and it’s called a passkey.
The Problem with Passwords
We’ve all been there: forgetting a password, struggling to create a “strong” one with random letters and symbols, or worrying about a data breach where our passwords might be stolen. The truth is, passwords have several weaknesses:
Even “strong” passwords can be vulnerable to sophisticated hacking techniques.
Many of us (most of us) use the same password for multiple websites, meaning if one site is compromised, all our accounts are at risk.
Phishing scams and counterfeit websites can fool us into giving away our passwords.
Passkeys: A Simpler and Safer Way to Log In
Imagine logging into your favorite website or app simply by using your fingerprint, face scan, or PIN on your phone or computer. That’s the magic of passkeys.
How Do Passkeys Work?
Instead of a password you type in, a passkey creates a unique digital “key” for each website or app. This key is stored securely on your device (like your phone or computer) and is tied to that specific website.
When you create an account or enable passkeys the website generates two keys: a public key and a private key. The public key stays with the website. The private key stays on your device, protected by your fingerprint, PIN, or face ID. When you log in, your device verifies your identity (fingerprint, PIN, face scan, etc.) and uses the private key to prove to the website that you’re you. No password to type, and no chance of someone stealing it.
Passkeys are more secure because:
- You don’t have to create or remember complex passwords.
- Since there’s no password to type, phishing scams become much less effective.
- Each passkey is unique, so even if one website is compromised, your other accounts are safe.
- Passkeys use advanced encryption, making them much harder to crack and much stronger than traditional passwords.
- Passkeys are stored locally on your device (computer, phone, tablet) meaning they are not being stored on a company’s server where they could be stolen in a data breach.
- Most passkey systems offer cloud syncing, so if you get a new phone or computer, your passkey can safely transfer over.
How to Use Passkeys
Many popular websites and apps are starting to offer passkey support. Look for options like “passkeys,” “security keys,” or “biometric login” in your account settings.
Follow the website’s instructions to create a passkey. This usually involves verifying your identity with your device’s fingerprint, face scan, or PIN.
The next time you log in, you’ll be prompted to use your passkey. Simply verify your identity, and you’re in!
Will Passkeys Completely Replace Passwords?
While passkeys are a significant step forward, they will take time to replace passwords completely.
Some people are reluctant to try new technology and not all websites and apps currently support passkeys.
As more and more companies embrace passkeys, and as people realize how secure and easy to use they are, it is very likely that passwords will become less and less common and passkeys will become the primary way to log into online accounts in the future.
Passkeys offer a simpler, safer, and more convenient way to log in. They eliminate the hassle and risks of passwords and provide much stronger protection against hackers.
So, next time you see the option to use a passkey, give it a try. You might just find you never want to type another password again!
I am very nearly 95 years old with some serious health problems. If I use say a finger print for a passkey how will my executors access my bank accounts when I finally fall off the perch ?
Fingerprint scans are only one option. You can use PIN instead and tell your loved one what your PIN is.
Tired of people deciding things for us without our input…
A royal pain in the “you know what.”
Does a face scan take into consideration added wrinkles that look worse in the morning? How about plastic surgery, or something less dramatic like botox?
I worked for a company that used fingerprint scans to log into work each shift. I was constantly being told to ‘use lotion on finger before scanning’ by the scanner because my skin was so dry. It wasn’t funny when 30 people were waiting behind me to check out of work.
But, we all know technology is foolproof, right? Nothing can go wrong, right?
I agree with Yvonne.
But then, I’m from the plug & play generation which was far less stressful. How do developers plan to hide our identities from AI?
It sounds like a great and safer way to log in. I have already done so on a few of my accounts. It’s much easier than having a password, and even though I have powerful passwords, I feel safer using the passkey. I hope that other apps follow suit soon. Thanks for the great info.
Not very clear. Presumably the device means the same device that you are using to open the Web site for example a PC . How do you create a fingerprint, face scan, or PIN on your PC.?
If you use a PIN isn’t that the same thing as a password so where is the extra protection ?
It means whatever device you’re using. If you log into a website on your phone or computer you will have to confirm that device is yours by using your fingerprint, PIN or face scan. Each device has its own passkey for a site. But your PIN, fingerprint or face scans does not change. It confirms it’s you trying to access the site. You only use on of the 3 verification methods per device. For example, my computer does not have a fingerprint scanner but my smartphone does. If I log into my banking site on my computer I use my PIN to confirm it’s really me and on my phone I use my fingerprint to confirm it’s me. The passkey created on each device does not change.
You create the PIN or fingerprint (etc.) by device for a each site when you set up your passkey. It’s not like a password. When you go to site A on your PC and they allow a Passkey you set it up while on your PC with a PIN, fingerprint or face scan. If you visit that site on your phone you set up a Passkey on your phone . You only have to it once for each site you want to use a passkey for.
I’m unclear about one thing. Let’s say I log in to the bank site on my laptop and use xxxx for my passkey. The next time I log in to my bank I’m on my phone and need to use a passkey. Do I have to remember xxxx is my passkey or will just using my fingerprint on my phone do? AND Can I use the same passkey for different sites or must I come up with a unique 4 or 5 digit passkey for each one?
Is this better than using Bitwarden or another good password program?
use the password manager that you like best… the important thing is to use one and use 2-factor authentication or switch to passkeys where you can.
Hi,
Please forgive me if I’m missing a critical point, but it seems like if you start using Passkeys, then you need to make sure Cloud Synching is available. If it’s not, and your device breaks or gets lost, unless you have another device with its own passkey for a particular site already on it, then you’re out of luck.
Example – my banking site; if I use my iPhone and a passkey to log in, and my phone gets lost, then I would need to log in with another device that has it own unique Passkey to that site already on it . If I don’t, and there’s no working cloud synch, then I’d be locked out of my banking site. Am I understanding this correctly?-or am I missing something?
I guess you can tell I’m a worry-wart. I just want to know what kind of backup exists for being able to log in.
Also, if you start using a Passkey for a particular site, does that mean you can’t ever use a password again. Does using a Passkey burn my bridges behind me.
I guess I’m uneasy about not being able to personally know my log in credentials – other than to verify that I am the legitimate owner of the device.
Thank you.
I understand your hesitation with passkeys. They’re a relatively new concept, and it’s natural to stick with what you know, especially passwords. Let’s take a look at what passkeys are and why they might actually be a better option than passwords in the long run.
Think of passkeys as digital keys that are unique to each website or app you use. Instead of typing in a password, you use something you already have, like your fingerprint, face ID, or a PIN, to unlock access.
Here’s a simpler way to think of it:
Passwords: Imagine having to remember a secret code for every door in your house.
Passkeys: Imagine having one master key (a PIN, your fingerprint or face ID) that unlocks every door, and that key stays safely locked inside your house (your device).
The key is you do have control over passkeys – your PIN, your fingerprint, your face.