Newsletter

Passkeys Over Passwords 

Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and many websites already support it. 

Signing in with passkeys is easier, faster, and more secure than passwords. It is like unlocking a smartphone.  

  1. You’re prompted to sign in. 
  2. You verify using your device’s biometrics, by entering a PIN, or by touching your device with a physical security key. 
  3. Your device selects the appropriate passkey. 
  4. You’re logged in. 

If you’re logging in from a device that does not store your passkey, you can sign in via Bluetooth, by scanning a QR code, or through a password manager that supports passkeys (more on this later).  

Passkeys eliminate the hassles of creating and remembering complex passwords. Passkeys are faster and easier, but their security improvements may not be as obvious.  

Security Improvements 

Imagine a criminal trying to log in to your bank account. Criminals can’t use a fake login page or Google form to phish your credentials if your login uses a passkey. Your device wouldn’t recognize the illegitimate login page and wouldn’t apply your passkey. This is one example of how passkeys are more phishing-resistant than passwords. 
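The site binding behind that behavior, as an added illustration (not code from this newsletter or from the FIDO Alliance): a simplified version of the browser's decision to offer a passkey, and the origin and RP ID checks a website runs on a sign-in response. The site name `bank.example`, the look-alike domain, and all function names are assumptions; verifying the signature with the stored public key, which a real server must also do, is left out.

```python
import hashlib
import json
from urllib.parse import urlsplit

RP_ID = "bank.example"           # assumed: site the passkey was created for
ORIGIN = "https://bank.example"  # assumed: the legitimate login origin


def browser_offers_passkey(page_url, rp_id=RP_ID):
    """Client side: offer the passkey only on HTTPS pages of its own site.
    Simplified; real browsers also consult the public suffix list."""
    url = urlsplit(page_url)
    host = url.hostname or ""
    return url.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def sample_response(origin, rp_id, challenge):
    """Constructed sign-in response: clientDataJSON plus authenticatorData."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    # 32-byte rpIdHash, flags byte (user present + verified), 4-byte counter
    return client_data, rp_id_hash + bytes([0x05]) + (1).to_bytes(4, "big")


def binding_errors(client_data_json, auth_data, issued_challenge):
    """Server side: fields that fail the site-binding checks (empty = pass)."""
    errors = []
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        errors.append("type")
    if data.get("challenge") != issued_challenge:  # base64url string as sent
        errors.append("challenge")
    if data.get("origin") != ORIGIN:
        errors.append("origin")
    if len(auth_data) < 37:
        return errors + ["authenticatorData length"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash")
    if not auth_data[32] & 0x01:  # user-present flag
        errors.append("user presence")
    return errors


if __name__ == "__main__":
    fake = "https://bank.example.evil.test"  # constructed look-alike origin
    print(browser_offers_passkey(fake + "/login"))
    print(binding_errors(*sample_response(fake, "bank.example.evil.test", "c1"), "c1"))
```

Even if a response produced on the look-alike page reached the real site, both the signed origin and the RP ID hash would fail to match.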

What about my password manager? 

If you already use a password manager, kudos to you! You don’t need to abandon it to start using passkeys. Many password managers support storing passkeys. This means you can continue storing passwords for websites that haven’t yet adopted passkeys and start storing passkeys once they become available. 

Rather than store passkeys on my smartphone, I prefer storing passkeys in my password manager. That way, I can log in wherever I’ve downloaded my password manager: phone, tablet, work computer, and personal computer.  

If you would rather store passkeys on your smartphone, you can still recover your passkeys if you lose the device. According to Apple, passkeys can be retrieved through iCloud Keychain escrow. Similarly, Google says that when you use passkeys on an Android device running Android 9.0 or newer with the screen lock turned on, they’re stored in your Google Password Manager. 

The Downside 

Most websites and apps don’t yet support passkeys. As of this writing, Facebook, Instagram, and Netflix don’t support passkeys, but Amazon, TikTok, and Google do. You can check a list of websites and apps that currently support passkeys at Passkeys.directory.

Want to try a passkey demo? You can experience the passkey login process at Passkeys.io (A Real-World Passkey Demo & Info Page) or Passkeys Demo (passkeys-demo.appspot.com).

Platform Specific Guidance 

Apple – Use passkeys to sign in to apps and websites on iPhone – Apple Support 

Google – Sign in with a passkey instead of a password – Google Account Help 

Windows – Passkeys in Windows – Microsoft Support 

Further reading 

Passkeys (Passkey Authentication) (fidoalliance.org) 

How FIDO Works – Standard Public Key Cryptography & User Privacy (fidoalliance.org)