What is a Passkey?
- A passkey is a new way to sign in to websites and apps that is more secure and easier to use than a password.
- Passkeys use public-key cryptography to create a unique key pair for each user.
- The private key is stored on the user's device and the public key is stored on the service's servers.
- When the user signs in, the device uses its private key to answer a challenge from the service, the service checks the answer against the public key it holds, and if they match, the user is logged in.
- Passkeys can be unlocked using the device's built-in biometrics or other authentication methods.
Passkeys are a promising new technology that has the potential to make online security much stronger and user experience simpler.
Benefits of Passkey:
- No need to remember anything: Passkeys are very long sequences compared to passwords, which gives them robust security. Your device and the web server keep the passkey pair safe and match them up when necessary with a quick handshake protocol. You then use biometrics or a similar security method to log in to your authentication device.
- More Secure than passwords: The private key of a passkey is never stored on a server. Even if a hacker is able to gain access to a server, they will not be able to steal your passkeys.
- Resistant to Brute Force Attacks: Passkeys are so long and complex that they are resistant to brute force attacks (it would take billions of years to guess them).
- Resilient to Hacking attempts: Passkeys are resistant to hacking attempts because the private key is stored locally on your device and is not shared with the server. The server challenges your device with a unique code, and your device uses its private key to generate a response. The server then verifies that the response is correct. This process is called a "challenge-response" protocol.
- Protect from Phishing Attacks: A user cannot be tricked into authenticating on a deceptive site because the browser or OS handles verification.
- Reduce Costs: Passkeys reduce the cost of sending SMS codes, making them a safer and more cost-effective means of two-factor authentication.
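The challenge-response sign-in and the phishing protection described in the list above, shown as an added example that is not part of the original article. It is a simplified Node.js model, not the full WebAuthn message format; the origin, function names and result strings are assumptions made for illustration.

```javascript
// Simplified model of a passkey sign-in (illustrative; not the WebAuthn wire format).
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const EXPECTED_ORIGIN = 'https://shop.example'; // constructed sample origin

// Registration: the device creates the key pair; the server receives only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return randomBytes(32).toString('hex');
}

// Device side: the browser, not the web page, records the origin it is really talking to.
// (Real authenticators additionally refuse to use a passkey on a different domain.)
function deviceSign(device, challenge, actualOrigin) {
  const clientData = JSON.stringify({ challenge, origin: actualOrigin });
  const signature = sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server side: check the challenge, the origin, then the signature with the public key.
function serverVerify(serverRecord, issuedChallenge, response) {
  let data;
  try { data = JSON.parse(response.clientData); } catch { return 'malformed'; }
  if (data.challenge !== issuedChallenge) return 'stale-or-wrong-challenge';
  if (data.origin !== EXPECTED_ORIGIN) return 'wrong-origin';
  const ok = verify('sha256', Buffer.from(response.clientData),
                    serverRecord.publicKey, response.signature);
  return ok ? 'ok' : 'bad-signature';
}

function demo() {
  const { device, serverRecord } = registerPasskey();
  const c1 = newChallenge();
  const good = deviceSign(device, c1, EXPECTED_ORIGIN);
  const c2 = newChallenge(); // a later sign-in attempt
  const lookAlike = deviceSign(device, c2, 'https://shop-example.test'); // constructed
  const other = registerPasskey().device; // a key pair that is not the user's
  return {
    legit: serverVerify(serverRecord, c1, good),
    replay: serverVerify(serverRecord, c2, good),
    phishing: serverVerify(serverRecord, c2, lookAlike),
    noPrivateKey: serverVerify(serverRecord, c2, deviceSign(other, c2, EXPECTED_ORIGIN)),
  };
}
```

Only the first sign-in is accepted: a response reused against a later challenge, one produced on a look-alike origin, and one signed without the user's private key are each rejected at a different check.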
Passkeys are a significant improvement over passwords. They are faster, more secure, and more convenient. Many brands will follow in supporting passkeys. I expect passkeys to become the standard for login security in the near future, much as 2FA was adopted in the past.
Designate a specific mobile device with good biometrics as your go-to authenticator using passkeys. You can also easily transfer your passkeys to a new device whenever you upgrade.
Overall, passkeys are a much more secure and convenient way to sign in to websites and apps. They look like the future of passwordless authentication.
Will passkeys be the future? Let us know: Contact us. We are a CERT-IN Empanelled cyber security company based out of Bangalore.