Today’s Focus of Attention is reader-supported. We sometimes include products we think are useful for our readers. If you buy through links on this page, we may earn a small commission.
Passwords are dead. Long live Passkeys
Passkeys and Passwords are often used interchangeably, but they are totally different.
Passwords are a series of letters, numbers, and symbols we create when we sign up to a new app or website to protect our privacy and private information. They are stored in databases which frequently suffer data breaches, posing security risks to all of us.
If hackers access our passwords, they can get our banking info, personal data, anything they want.
Passkeys, on the other hand, are hardware-based codes that use biometrics such as fingerprints, PINs, swipe patterns, or our faces. They allow users to create new accounts or log in to apps or websites without the need to create, memorise (the worst part), or store a password.
A new level
Passwords appear to be a thing of the past.
At the 2022 Worldwide Developers Conference, Apple talked about how it joined efforts with Microsoft, Google, and other 250 companies to end the reliance on passwords across internet services.
Back then, Apple unveiled that its new macOS Ventura, launched in September 2022, would support Passkeys, so far the most secure way to access apps and websites on our Macs, iPhones, and iPads, ditching passwords thoroughly.
Passkeys were possible through the efforts of the FIDO Alliance (Fast IDentity Online), a group made up of some of tech’s biggest companies, such as Apple, Google, Meta, Amazon, and Microsoft.
On Apple, passkeys are synced through iCloud Keychain and are kept on our devices, which is an additional layer of security to keep our data safe from assault.
The idea behind eliminating passwords altogether is to prevent users from falling victim to database breaches, phishing, and/or bot attacks.
Our phones, computers, or tablets are our primary authentication source through Face ID or Touch ID. So, if a hacker wants to access our information, they need both our device and the passkey.
Passwords
Passwords are not a good security measure, we’ve known that for years. They have tonnes of issues.
In the first place, a solid password needs to be really knotty, with a unique combination of letters, numbers, and symbols. If we set up a secure, complex one, we still have to remember it; frustrating for many.
Passwords are a hacker’s best friend. Instead of a convoluted mix of characters, users tend to create easy-to-remember sequences, recycling them on different platforms. This is a golden opportunity for hackers who know that once they discover the first one, it will have a domino effect.
The second issue with passwords is their storage.
Our credentials are stored in databases, which can be breached. For instance, when we log into LinkedIn, the site accesses our password from a database. If, by chance, someone reaches such a collection of data, our information is compromised. When it happens, we must change our password forthwith.
The last issue with passwords is that they are prone to phishing attacks.
Imagine we receive an email from somebody pretending to be from our organisation, asking us to log into our company’s website. We truly believe this email is legitimate, and given the trick, we grant access to this person.
Passkeys
Implementing passkeys is one of the largest efforts to live a password-free life. They are a smarter and more secure system.
Passkeys are hardware based. Up till now, all we need is a fingerprint or a face scan. When we create an account for an app or website, Apple creates a unique digital key that will only work for that specific application or site.
The good thing is that such a passkey is stored only on our device and is not put on any server, solving the problem of data breaches or phishing.
Online security is not the only advantage of passkeys, they free us from remembering difficult passwords that we normally have in a text file or on paper. And every time we have to enter our apps, we turn to that list.
Still, passkeys also present certain drawbacks.
They use biometric information to log in – fingerprints, scanners, and cameras – but these are not always reliable, and not all the devices have them.
What about security? What if someone steals our ID and then uses our photo to access our apps or websites? What if we’ve got a twin? What if another person looks like us?
Using passkeys raises further questions.
Who owns and controls the data linked to the passkeys? The companies, or us? Doesn’t it fall into privacy laws’ land? Do governments need to enact new biometric protection standards?
A long journey
However, there is still a long way to go before passkeys are widely used. It will require developers from various services to follow this innovative method.
Apple is working closely with Google, Microsoft, and the FIDO Alliance to shorten this crusade. The idea is to have passkeys on all the platforms.
But let’s not forget that millions of devices in the world do not have fingerprint scanners.
What if our primary device doesn’t have Touch ID or Face ID? We’d still be using some type of password to log in until we upgraded to a newer one.
What if the scanner or camera fails? We’ve got to set up a backup password in case the biometric system stops working.
Bottom line, it’s a long climb.
Conclusion
Overall, passkeys are a great strategy, but of course they need to be improved. We also have to wait until all the apps and websites can use this system.
A passwordless future will not happen overnight, but the times when we had to write complex passwords and remember them are numbered.
Let’s see what lies ahead.
