Anyone who uses Passkey no longer has to deal with passwords

All those passwords, preferably complex ones, that are essential for online security: “passkeys” should herald a password-free world. How does this work?

This wasn't quite a final picture, in the annual measure of the most popular passwords: “123456” at the top. The formula has been used more than 4.5 million times, according to research From the NordPass password manager. This password is not secure: “123456” can be hacked within 1 second. To make it more difficult for hackers, complex passwords can be used, preferably different for each website.

Remembering all of these passwords requires a strong memory or an extensive arsenal of stickers—neither of which are infallible. Another solution is a password manager, which is a digital list of passwords stored in the cloud. But this list is often protected by its own password.

It can be done differently. Google, Microsoft, and Apple have joined forces to eliminate all password-related frustrations in one fell swoop. Their miracle solution, Passkey, replaces passwords with verification on a smartphone. This can be done using your fingerprint, facial recognition, PIN or scanning a QR code – as if you were logging into a computer by unlocking your smartphone.

Passkeys are security keys that are unique to each website and account. These keys are divided into two parts, one belonging to the website in question and the other to Google, Microsoft or Apple. The verification process that users perform on their smartphones brings these two keys together – voilà, a password-less login.

half

This has a number of advantages, the most notable of which is that you no longer need to remember or enter passwords to log in. Additionally, using a passkey is more secure: malicious parties can steal your password, but the same can't be said for the split key behind the passkey.

“Even if a cybercriminal were to break into a Google or Apple password vault, only half of the passkey is in there,” says Dave Masland, director of computer security firm Eset Netherlands. “The other half is on your computer or mobile phone, locked behind your fingerprint, for example. To steal your passkey, cybercriminals have to break into your phone or computer, which is more complex than typical attacks.

This way, the passkey user is protected against phishing. This is an attack in which cybercriminals pretend to be a trusted party, such as a bank: a customer receives an email directing them to a fake website for that bank. There, the recipient is asked to log in, giving criminals the information needed to open a bank account. “You can't steal the passkey this way, because it's split into two parts, one of which is known only to the real bank,” Masland says. “If you visit a phishing site, you won't be able to log in there: the passkey isn't there.”

It has been exceeded

Passkeys are not completely risk-free. newly Researchers have found a way to bypass fingerprint authentication on some Microsoft computers. Ethical hackers were also able to compromise this company's facial recognition technology in 2021 using infrared facial images.

The passkey can be set up in about an hour, but must be done separately for accounts Google, apple And Microsoft. Aside from the three tech giants, a limited number of parties currently use the passkey. The biggest platforms that support it are Amazon, PayPal, WhatsApp, TikTok, and Nintendo.

There aren't that many websites out there yet, so anyone who's not yet convinced to switch should consider using a password manager. These programs, like Bitwarden and 1Password, secure a list of passwords and can even notify you if a password has been leaked for a fee.