Is it time to ditch passwords for good? Google, Microsoft and Apple all seem to think so. Here’s what you need to know.
Text-based passwords have been around since the dawn of the internet, and have served their purpose well, but maybe it’s time that something better came along.
The problem with traditional passwords is that they can be stolen, as we’ve seen happen with numerous data breaches over the years.
Of course, there have been steps taken to mitigate this risk, with things like two-factor authentication and password managers, but neither is especially convenient.
That’s where passkeys come in, the new tech hoping to replace passwords once and for all. Here’s what you need to know.
What are passkeys?
In simple terms, a passkey is a replacement for a traditional password that’s much more secure, and can’t be leaked during a data breach.
Instead of text input, passkeys use a form of biometric authentication to confirm your identity, such as the fingerprint scanner or Face ID on your smartphone.
For desktop computers and other devices without built-in biometric scanners, you simply scan a QR code on your mobile device and then you can use your face or fingerprint to log in.
The passkey is generated on each login and is never reused, therefore phishing scams and leaks present no risk to passkey users. Great stuff!
Passkeys are built to an industry standard created by the FIDO alliance and World Wide Web Consortium. This means that they can work across different operating systems, browsers, mobile ecosystems, websites and apps.
What devices can use passkeys?
You may remember Apple talking about passkeys during its WWDC 2022 keynote, but this is far from an Apple-exclusive technology.
As we mentioned in the last section, passkeys are created to an industry standard and Apple, Microsoft and Google have all committed to expanded support for the feature.
This commitment was announced in May 2022 and includes allowing users to access their passkeys across many devices, including new ones, without having to re-enrol. It also states that users should be able to use passkey sign-in on a nearby mobile device regardless of the operating system or browser choice.
On Apple devices, passkeys are stored in the iCloud Keychain and are available on all devices where you’re signed in with an Apple ID. The feature is supported on iOS 16, iPadOS 16, macOS Ventura and newer.
On Android, Google Password Manager stores and syncs your passkeys. Passkeys from Google Password Manager are available to all Android apps, including Chrome and other browsers.
On Windows, you can use Windows Hello to sign in with passkeys. Passkeys used on Windows will be synced with your Microsoft account, and can be accessed wherever you’re logged in.
When can I start using passkeys?
If you have a supported device, you can start using passkeys right now, you’ll just need to find a service that supports it, too.
That’s about to get a whole lot easier if you use a Google Account (and you probably do), as Google announced on May 3 2023 that it is rolling out passkey support for all users on all major platforms. Just visit g.co/passkeys to turn it on.
It’s still early days for the technology, but it’s so secure and easy to use that we expect it to become a very common option over the next year or two.
As it stands, there are already numerous high-profile companies supporting passkey login, and you likely already use at least one of them.
Here are some of the biggest brands supporting passkey login at the moment:
- Best Buy
- Dashlane
- eBay
- GoDaddy
- Kayak
- Nvidia
- PayPal
- Safari
- WordPress
If you’re creating a new account, the option to use passkeys will be present from the get-go. However, if you already have an account, you may be able to switch to a passkey login instead.
This process will differ between brands, but it’ll usually involve visiting your account settings and security and sign-in options.