What is: Passkeys?


I’ve already touched on the world’s love/hate relationship with passwords in my previous article on the subject, but passwords have always been the most practical method of authentication for a number of reasons. This, however, is likely to change within the next decade or so, and technologies such as “Passkeys” are aimed at driving the passwordless revolution.

Passkeys are essentially a password replacement based on FIDO multi-device credentials technology, which allows for faster, easier and more secure sign-in experiences. What’s more, Passkeys are designed to be phishing-resistant (see my article on Phishing for more information on this subject), which is a big plus in the authentication and security space. Passkeys utilise cryptographic keys that are stored on trusted user devices, from which one is able to authenticate to online portals or applications. Some providers offer the functionality to sync these Passkeys across multiple devices via cloud services, but this is usually an optional feature and one can choose to only store them locally, for added security.

In layman’s terms, Passkeys allow users to authenticate and access their favourite websites and applications using nothing more than their fingerprint (or other biometric factor) or a backup PIN code. This removes the need to remember multiple username and password combinations for different services and also heavily reduces the chances of credentials getting stolen or leaked, since they are directly tied to a user’s device and biometric factors. It’s also important to note that biometric data is not transferred to the provider and remains safely on the device. There are obviously more complex factors that make this whole process possible in the background, but for the sake of this article we will not be delving into these and will be sticking to this high-level explanation and approach.
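The following Node.js example is added here and is not from the original article or the FIDO Alliance. It models the WebAuthn-style check behind the phishing resistance described above: the device signs the origin the browser is really on, and the website rejects any sign-in whose origin or challenge does not match. The domain names, function names and the reduced authenticator data are constructed assumptions.

```javascript
// Added illustration, not from the article. RP_ID, the origins and all names are constructed.
const nodeCrypto = require("node:crypto");
const sha256 = (buf) => nodeCrypto.createHash("sha256").update(buf).digest();

const RP_ID = "example.com";
const EXPECTED_ORIGIN = "https://example.com";

// Registration: the device creates a key pair; only the public key goes to the website.
function createPasskey() {
  return nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Device side: the browser records the origin it is really on, and the
// authenticator signs authenticatorData || SHA-256(clientDataJSON).
function deviceSign(privateKey, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: browserOrigin,
  }));
  // Reduced authenticator data: rpIdHash, flags (user present + verified), counter.
  const authData = Buffer.concat([sha256(Buffer.from(RP_ID)), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// Website side: check type, challenge, origin and RP ID before trusting the signature.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad-type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "bad-challenge";
  if (client.origin !== EXPECTED_ORIGIN) return "bad-origin";
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(RP_ID)))) return "bad-rp-id";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

function demo() {
  const { publicKey, privateKey } = createPasskey();
  const challenge = nodeCrypto.randomBytes(32); // fresh per sign-in attempt
  const genuine = deviceSign(privateKey, challenge, "https://example.com");
  const phished = deviceSign(privateKey, challenge, "https://examp1e-login.test"); // look-alike
  return {
    genuine: verifyAssertion(publicKey, challenge, genuine),                   // "ok"
    phished: verifyAssertion(publicKey, challenge, phished),                   // "bad-origin"
    replayed: verifyAssertion(publicKey, nodeCrypto.randomBytes(32), genuine), // "bad-challenge"
  };
}
console.log(demo());
```

In a real browser the passkey for example.com would not even be offered on the look-alike domain, so the server-side origin check shown here is a second layer on top of that scoping.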

Passkey technology has already been adopted by the biggest technology companies in the world. Microsoft, Apple and Google have all implemented or are in the process of implementing this technology in some way, shape or form within their operating systems, applications and on their devices, and support for this technology is spreading very quickly.

If you would like to learn more about Passkeys, stay up to date with the latest news from the companies pushing this technology into the mainstream, or even try a demo of how Passkeys work, take a look at https://www.passkeys.io/. The official site from the FIDO Alliance on Passkeys also has lots of interesting information should you be interested in learning more.

I’m very interested to see when (not if) new authentication technologies such as Passkeys will mean the end of passwords. Some users and organisations are so heavily invested in passwords that it might be difficult to transition, but with the push from the tech giants creating the day-to-day technologies used by these individuals and corporations, as well as the perceived return on investment (from a management, operational and security perspective) from using these technologies over passwords, we might see the death of the password sooner than we think.