Passkeys: Everything you need to know

Chances are that many of you are already familiar with passkeys. Many people are still not, however. The term ‘passkey’ has been very difficult to miss in the last couple of years, especially if you’re reading about tech. That term is also often used in relation to passwords, as many people have been saying it will end passwords. So it has to be important, right? Well, it kind of is, but it seems to be confusing quite a few people. In this article, we’ll try to explain what passkeys are, and provide you with a bevy of information on them.

What are passkeys?

Passkeys are basically alternatives to passwords that are supposed to keep your accounts even more secure. They’re also easier to use than passwords. Sounds wonderful, doesn’t it? They are a different kind of login credential that allows you to log into your favorite sites and services. They rely on public-key cryptography instead of your username and password. In other words, you don’t need to remember anything, as long as you’re logging into sites/services from a device you already own. Your devices basically get a single-use login credential every time you sign in to an account. That way, they cannot be stolen or anything of the sort, so they’re more secure than passwords.

Who created passkeys?

Passkeys were created by the FIDO Alliance, an industry group that includes companies like Apple, Google, Microsoft, Intel, Amazon, Meta, Samsung, PayPal, 1Password, Dashlane, Mastercard, and a lot more, actually. All of these companies realized that passwords were becoming a problem, which is why passkeys were created. They all wanted a unified standard to make things not only more secure but easier for users. That’s how passkeys were born. And while the official explanation can sound a bit complicated considering the mention of ‘public-key cryptography’, everything is very simple on the user side of things.

Why do passkeys exist?

Passkeys exist because passwords have become a problem, basically. People have a habit of using the same, weak passwords repeatedly, which creates a security problem. That’s why companies have started introducing various demands for passwords, such as requiring letters, numbers, and symbols to all be included in a password. On top of that, they started requiring specific password lengths, and so on. Needless to say, that created a problem for users on a different level. They had to make up new passwords depending on requirements from various websites, which in turn created more and more username and password combinations that are really difficult and annoying to keep track of. On top of that, passwords are vulnerable to phishing scams. Also, if your password manager provider messes up, your login credentials are at risk. The bottom line is, passwords have become an issue, hence the introduction of passkeys.

Who are passkey providers?

A passkey provider is an entity that enables the creation, management, and use of passkeys, basically. There are first-party and third-party passkey providers. First-party passkey providers are operating systems that enable passkey creation and management, like iCloud Keychain and Google Password Manager, for example. Third-party password managers basically integrate with the platform through APIs; those are 1Password, Dashlane, NordPass, Proton Pass, Samsung Pass, and more.

What apps use passkeys?

Accounts need to support passkeys in order for them to work, of course. Not many of them do, but the major players in the industry do support them, at least in the tech world: Google, Microsoft, PayPal, TikTok, and so on. So as long as you log in through your Google Account, for example, you can use passkeys. There are a ton of companies involved, and the vast majority of them are clinging to passwords. It wasn’t easy for the FIDO Alliance to get passkeys to the point where they are at the moment. Passwords are far from being dead.

How do passkeys work?

Let’s say you want to use Google as your first-party passkey provider. In that case, things go through the Google Password Manager. Google will need to confirm your authenticator for passkey logins, which can be your smartphone, tablet, or perhaps your desktop PC. Private and public keys are generated by your authenticator, and the public key is stored on a company’s website for when you want to log in. The private key remains a secret, and it ends up being stored on your device.

Once it’s time for a login, your passkey provider will send a challenge to the authenticator, and it will be up to your private key to solve it, and then send a response back to the server. Once that is done, you’ll be able to access the account you’ve been trying to log into. From a user perspective, you can set things up so that only your fingerprint is required on your smartphone, and that’s it.
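To make the exchange above concrete, here is a simplified Node.js model of registration and login. It is an added example, not code from any passkey provider; the function names and the `example.com` origins are constructed for illustration, and it also includes the origin in the signed data, which the description above does not cover.

```javascript
// Simplified model of a passkey login. Real WebAuthn adds authenticator
// data, signature counters and user verification on top of this.
const crypto = require("crypto");

// Registration: the authenticator creates the key pair. Only the public
// key leaves the device and is stored by the site.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", {
    namedCurve: "P-256",
  });
  return { authenticator: { privateKey }, serverRecord: { publicKey } };
}

// Site: issue a fresh random challenge for each login attempt.
function newChallenge(server) {
  server.pending = crypto.randomBytes(32).toString("hex");
  return server.pending;
}

// Authenticator: sign the challenge together with the origin being visited
// (in a real browser the origin is filled in by the browser, not the page).
function signAssertion(authenticator, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const data = Buffer.from(clientData);
  const signature = crypto.sign("sha256", data, authenticator.privateKey);
  return { clientData, signature };
}

// Site: check challenge, origin and signature, then discard the challenge
// so the same response cannot be used a second time.
function verifyAssertion(server, assertion, expectedOrigin) {
  const { challenge, origin } = JSON.parse(assertion.clientData);
  const fresh = server.pending !== undefined && challenge === server.pending;
  server.pending = undefined;
  const data = Buffer.from(assertion.clientData);
  const signed = crypto.verify("sha256", data, server.publicKey, assertion.signature);
  return fresh && origin === expectedOrigin && signed;
}

// Constructed walk-through: a normal login, a reused response, and a
// response signed for a look-alike origin.
function demo() {
  const { authenticator, serverRecord: server } = registerPasskey();
  const good = signAssertion(authenticator, newChallenge(server), "https://example.com");
  const first = verifyAssertion(server, good, "https://example.com");
  const replay = verifyAssertion(server, good, "https://example.com");
  const other = signAssertion(authenticator, newChallenge(server), "https://examp1e.com");
  const wrongOrigin = verifyAssertion(server, other, "https://example.com");
  return { first, replay, wrongOrigin };
}
console.log(demo());
```

Only the first attempt is accepted: the reused response fails because its challenge was already spent, and the look-alike origin fails even though the signature itself is valid.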

What happens when you change a device?

So, considering passkeys are tied to your device, e.g. a smartphone, you may be wondering what happens if you change your smartphone or upgrade to a new one. With passwords, that’s not exactly a problem, as you’re supposed to remember them, so you can simply type them in elsewhere. Well, it’s not exactly a problem with passkeys either. You can easily transfer them to your new device.

On Android, for example, when you set up your new phone, your end-to-end encryption keys will be transferred to it, along with the rest of your data. Just make sure that you do actually transfer your data. If you’re wondering what happens if you damage or lose your device, and are unable to access its data, well, that’s not a big deal either. You can still recover your passkeys from an online backup. You will need to provide your PIN, password, or pattern in order to do that, though, of course. On iOS, the process is a bit different, but it’s also not a problem to recover your passkeys.

Where can you use passkeys?

Tons of sites and services support passkeys at this point in time. The situation is much better than it was a couple of years ago. If you’re still wondering what the exact list is, 1Password actually has a really nice directory, a list if you will, and it’s also searchable. So if you’re wondering if some specific site/service supports passkeys, type it in, and voila. Or you can simply scroll through the list, which is alphabetical. Either way, you’ll easily get the information you need.

Are they expected to replace passwords?

Many people have been saying that passkeys will replace passwords. That doesn’t mean passwords will go fully extinct, but that passkeys will be used as a predominant method of login. That was the whole purpose of their creation after all. Will it happen, though? Well, that remains to be seen, as the usage hasn’t really spread as fast as FIDO would like. People still mostly use passwords, even though passkeys are, indeed, an easier and technically more secure method of login. We’ll see how things will go in the coming years, but it seems like FIDO is sticking to the plan.

2024-05-22 15:09:06