Passwords: We all have way too many of them, and they’re probably not nearly as secure as we think. Passkeys are the next evolution of passwords, trying to bring us a more secure, password-free future.
For a long time, we’ve been using usernames and passwords to log into websites, apps, and devices. The concept is simple: you create a username—sometimes it’s just your email address—and pair it with a unique password (ideally) that only you know.
The big problem with passwords lies almost entirely with the people who create them. Since you have to remember the password, it’s easy to fall into the trap of using real words or phrases. It’s also common to use the same password in multiple places rather than using unique passwords for each website or app.
Obviously using your date of birth or a pet’s name isn’t a very secure password, but many people still do it. And once someone discovers it, they can then try it on all the other places where you’ve used the same password. This is why it is so important to use unique passwords and two-factor authentication.
Password managers have tried to improve this situation by generating random strings of characters for you, then remembering them so you don’t have to. This is better than creating your own passwords in plain language, but there is still room for improvement. Enter passkeys.
Related: What is two-factor authentication, and why do I need it?
passkey vs password
The username and password system hasn’t changed much over the years. Think of passkeys as a complete replacement for the old password system. Basically, you use the same method to unlock your phone to log into apps and websites.
This is one of the biggest differences between old passwords and passkeys. Your Facebook password works wherever you access Facebook. However, the passkey is associated with the device on which it was created. You don’t create a password that can be used anywhere, which makes the passkey even more secure.
To sign in on another device, you can scan a QR code from your phone and use the same security method to authenticate it. Since there are no passwords involved, there is nothing to leak or steal. Your phone must be there to sign in, so you don’t have to worry about any random person across the country using your password.
We’ve mentioned phones many times, and they’re also an important part of passkeys work. Nowadays, you pretty much need a mobile device to use passkeys. The idea is that your primary device is the “key”. Even if you created a passkey on your computer, you will need to have your phone near you for verification. Proximity verification is usually done via Bluetooth.
Technically, passkeys are an industry standard based on WebAuthn. Big names like Apple, Google and Microsoft have joined the FIDO Alliance to work on getting rid of passwords for authentication. Passkeys are the future.
Related: The problem with passwords is people
Should you use passkeys?
At the time of writing, passkeys are just starting to see more widespread use. As mentioned, passkeys are supported by Apple, Google, and Microsoft. It is also supported by 1Password, Dashlane, PayPal, eBay, Best Buy, Kayak, and GoDaddy. More companies are adding support all the time.
However, there is more to the equation. For websites, you need a compatible browser too. If you want to create a passkey for Best Buy, you’ll need to do so in Google Chrome or Apple Safari.
Furthermore, you must have a compatible operating system and a password manager. In the Apple world, this is Keychain. For Google, it’s Password Manager or a third-party app. Microsoft is Windows Hello.
As you can see, several layers of compatibility are needed, but we’re still in the early days of passkey adoption. As a user, you don’t have to worry about all of that. Services will ask if you want to generate a passkey if they support the feature and you are on a compatible device.
If you have the option to use a passkey, it’s easy to try. Not only are they safer, but they are also easier to use. Scanning your fingerprint or using Face ID to log into a website is much more convenient than typing in annoying passwords. The future is without a password.
Related: Why the future is passwordless (and how to get started)