Passkeys and the future without passwords

In the digital age, passwords have become an essential part of our lives, securing our online accounts, personal information and funds. However, passwords are notoriously inconvenient and also pose a significant security risk. We have to remember a lot of them for different websites and applications, which can be overwhelming. Additionally, it can be challenging to create strong, unique passwords for each account. When a password is compromised in one account, all accounts associated with that password are compromised. Many people tend to reuse the same password or make minor changes, which makes them more vulnerable to hackers. Millions of them are compromised every year by data breaches and phishing attacks.

These security weaknesses and the inconvenience of passwords have led to a growing demand for a more secure and user-friendly method of authentication called passkeys.

What are passkeys

Passkeys are a revolutionary new approach to online login that promises to completely eliminate the need for passwords. They are a type of digital credential that uses public key cryptography to enable secure authentication without a password.

Creation

Passkeys are unique digital keys generated by your device, such as your mobile phone or computer, and stored on that device or in a password manager vault.

Synchronization between devices

If you use a password manager vault, such as iCloud Keychain from Apple, your passkeys will be automatically and securely stored on all your devices. The passkey created on your iPhone will therefore be immediately available for use on your macbook.

Usage

When you sign in to a website or app that supports passkeys, you'll be prompted to authenticate using your device's biometric features, such as your fingerprint, face recognition, or a secure PIN. This verification process creates a cryptographic signature that proves you own the passkey and are authorized to access the account.

Advantages over traditional passwords

Passkeys offer several advantages over traditional passwords, making them a significant step forward in online security:

• Improved security: Passkeys are immune to phishing attacks where hackers trick users into revealing their passwords. They do it, for example, by imitating a site. This is because passkeys are never shared with websites and the login process also verifies that you are actually trying to login to the website the key was created for. Hackers will therefore have a domain where they change one letter of the original domain, which they try to imitate to no avail.

• Improved Convenience: Passkeys are significantly easier to use than passwords. You don't have to remember long and complex strings of characters or worry about managing multiple passwords for different accounts. Most of the time, your finger or face is enough.

Summary

Passkeys are becoming increasingly popular and have been used and supported by major technology companies such as Google, Apple, Microsoft and Amazon for a long time. Also, various web and mobile applications are gradually starting to offer them as a supplement or a complete replacement for passwords. I happily use them for all my projects and I hope that the time when one has to remember a bunch of dangerous passwords will soon be a thing of the past on the entire Internet.