Passkeys are coming

Passkeys Are Coming. Here's What You Need To Know.

Zak W. Feb. 1, 2024 3 min read
password manager password passkey
Have you heard of passkeys before? There have been many articles about Twitter’s new passkey support this week, so I figured it would be an excellent time to dig in.

Whether you use Twitter or not, it’s good to have a basic understanding of passkeys, as they are becoming more popular across many other platforms, and they will help make your digital life easier and more secure.

What Are Passkeys & Why Should I Care?

Passkeys allow you to sign in to a service using the FaceID or PIN of your device. For example, to log in to Gmail, PayPal, Twitter, or iCloud, you can activate Face ID on your iPhone, Android phone’s fingerprint sensor, or Windows Hello on a PC.

Maybe you’ve already started using passkeys and didn’t realize it? I have a few apps on my iPhone that allow me to ‘sign in with FaceID,’ I generally enable that option when available.

Are Passkeys More Secure?

Most people don’t use password managers and instead fall into the common pitfall of reusing low-complexity passwords across different sites. If that’s you, then passkeys will indeed improve your security!

At the same time, because passkeys rely on storing a private key on your device, there is a risk that the device is compromised, and your accounts can also be compromised. So, if you use passkeys, use a strong pin or, better yet, biometrics like face or finger ID.

Passkeys are considered to be phishing-resistant because of the way the keys are stored on devices. While that claim must withstand the test of time, passkeys will likely make phishing in the context of web and application authentication an order of magnitude more complex. That’s a big win.

Ultimately, passkey security is complicated and nuanced, but I recommend enabling passkeys when available.

Conclusion

Passkeys are a new technology designed to make authentication (logging into sites and apps) more secure and easy. Instead of creating a password for a given site, your phone or computer authentication gives you access to the site instead.

While there is a lot to unpack here, and it’s not entirely black and white, in general, these claims are valid, and you should aim to use passkeys in favor of the standard passwords when possible.

Here’s a site that’s tracking which sites have passkey authentication available: https://passkeys.directory/

If you have questions about passkeys, please join our Facebook group, Information Security for People Over 50, and contact us!