In May, Google began rolling out passkeys, calling them "the beginning of the end of the password." Passwords have been with us since the mid-1960s, decades before computers became mainstream. But with more sophisticated cybercrime attacks, dated password technology does us more harm than good.
According to a survey by AllAboutCookies, 84% of people still use unsafe passwords (like birthdays and pet names), and over half of survey respondents admitted having five or fewer passwords for all their accounts. Sure, we could do better. But these stats are also a testament to how annoying and ineffective passwords are. Google and other major players in the industry believe that passkeys are the "key" to a simpler - and safer - future.
What Is A Passkey?
Instead of relying on something you remember (like a password), digital passkeys rely on something you have (like a device) or something you are (like a fingerprint or face recognition) for secure authentication.
Here's How Passkeys Work
Passkeys use public-key cryptography. This is how it works:
Your device has a pair of keys, a public key and a private key. The public key is shared with whatever website or app you want to access. The private key is stored securely on your device ONLY.
When you try to sign into a site, the site sends your device a digital "challenge" to check if it's really you. The website uses your public key to send a challenge back to your device. Your device then uses the private key stored on it to decrypt and read the challenge - think of it like a decoder ring. The challenge confirms who the user is and sends a message back to the application. If the authentication is successful - i.e., the keys match - the website knows the response truly came from your device. It's like a secret handshake between your devices and the sites you use. This way, a hacker cannot log into your accounts without the private key from your device. This provides an added layer of security compared to passwords.
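The exchange described above, as an added example that is not part of the original article: in WebAuthn, the standard behind passkeys, the device answers the site's random challenge by signing it with the private key, and the site checks that signature with the stored public key. The Device and Site classes and their method names are hypothetical, and the sketch uses Node.js's built-in crypto module rather than a real passkey API.

```javascript
// Added illustration: simplified passkey-style challenge-response (not a real passkey API).
const crypto = require('crypto');

class Device {
  constructor() {
    // The key pair is created on the device; the private key never leaves this object.
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.publicKey = publicKey;
    this._privateKey = privateKey;
  }
  respond(challenge) {
    // Prove possession of the private key by signing the site's challenge.
    return crypto.sign('sha256', challenge, this._privateKey);
  }
}

class Site {
  constructor() {
    this.publicKeys = new Map(); // user -> public key (all the site ever stores)
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  startLogin(user) {
    const challenge = crypto.randomBytes(32); // fresh random value for every attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured response cannot be replayed
    if (!challenge || !publicKey) return false;
    return crypto.verify('sha256', challenge, publicKey, signature);
  }
}

// Constructed scenario: one user, one genuine device, one party holding only the public key.
function demo() {
  const site = new Site();
  const phone = new Device();
  site.register('alice', phone.publicKey);
  const genuineSig = phone.respond(site.startLogin('alice'));
  const genuine = site.finishLogin('alice', genuineSig);
  site.startLogin('alice');
  const replayed = site.finishLogin('alice', genuineSig); // old response, new challenge
  const other = new Device(); // different private key, as after a breach of the site's data
  const forged = site.finishLogin('alice', other.respond(site.startLogin('alice')));
  return { genuine, replayed, forged };
}
```

Calling demo() returns which of the three sign-in attempts the site accepts: only the response signed by the registered device over the current challenge passes.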
Try It Out With Google!
If you have a Google account, you can try out passkeys for yourself.
1. Go to g.co/passkeys.
2. Click "Get passkeys" and sign in.
3. Choose "Use passkeys," then follow the prompts!
Note: Passkeys are automatically created for Google devices, but you must set them up separately for other devices.
Why Passkeys Are Better
If you use a passkey, a hacker must have your device (and be logged in), fingerprint or face to log in. Also, passkeys are encrypted on your device instead of on servers, so even if your company's data is breached, attackers can't access your passkey.
Because companies like Google, Microsoft, Apple and Amazon are already using passkeys, this is sure to be the future of authentication. It will take time for other sites and companies to get on board. Continue to use strong, secure passwords in the meantime and store them in a password manager.