Passwords are the standard way we log on to pretty much everything, everywhere.
The catch? Passwords are inherently insecure. They can be stolen, guessed, or brute forced. But mostly, people just use bad ones. (And, worse, reuse them.)
Password managers can track all those various alphanumerics for you and even replace the weak ones. But password management is a half measure when it comes to security. The real action is in eliminating passwords altogether.
The Passwordless Plan
Microsoft, Apple and Google plan to roll out no-password logins across all of their platforms, using a standard set by the FIDO (Fast Identification Online) Alliance. This sets the worldwide standards for passwordless authentication.
That’s a bit of a mouthful… so some people call this a passkey. A lot easier to remember.
A passkey works in a similar way to multi-factor authentication (where you use a separate device to prove it’s really you), but with less effort required.
It’s very simple. To login to something, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re sat nearby. Because Bluetooth only works a short distance, this should stop many phishing scams. Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint or PIN.
You’ve probably experienced this for yourself. You go to log in to a site or fire up an app, and instead of being asked to enter a password you get a prompt to enter a six-digit code from your authenticator app, tap a notification on your phone, or click a link sent to your email. Or maybe you just need to raise your phone to your face. Easy peasy.
And that’s it. You’re logged in.
Passkeys rely on something called public key cryptography. When you register with an application or website a key pair is made between the website and your phone. These are really long numbers that are connected in some way. But you’ll never see them, and you certainly don’t have to remember them. Your phone verifies the pair when you unlock it in the normal way.
Your passkeys will be backed up in the cloud, so if you get a new device, you can simply transfer over your information. In the same way it’s now easy to set up a new phone to be just like your old device.
These passkeys are not only simpler for you but should keep your data safer.
There is no password for cyber criminals to steal. And your phone needs to be close to your computer to login. It’s not fool proof, but it’s a lot better than the current situation with passwords and multi-factor authentication.Share