Chances are you've heard the term "passkeys" in the past few weeks. They are being presented as a future replacement for using passwords to access your websites and apps. But are they truly secure? Let's take a closer look.
A passkey is similar to a digital ID. Your device generates two keys:
• Public key - This is what is stored on the website's or app's server.
• Private key - This is retained securely on your device, e.g. your phone or laptop.
When you log in, your device uses the private key to prove that it's you. At no time does the website see a password, because there is none to send, and the private key itself never leaves your device. This means there is no possibility of someone stealing your password over the internet.
Why Passkeys Are More Secure Than Passwords
Passkeys are safer than a regular password, for the following reasons:
• No phishing attacks: Hackers can't trick you into handing over your password, because there isn't one, and a passkey only works on the site it was created for.
• Unique per site: Each passkey is distinct for every website. If one site gets hacked, your other accounts aren't vulnerable.
• No guessing attacks: Hackers can't guess your passkey the way they might guess a password.
• Stored locally: Your private key never leaves your device, limiting exposure.
If a website experiences a data breach, the most that attackers would be able to access is the public key. Your data would still be protected because the public key is worthless without the private key.
How Passkeys Are Distinct from Passwords
Passwords can be reused on different sites and are easily stolen. In contrast, here are just a few advantages of passkeys:
- They only work for one site. Each passkey is unique.
- They remain on your device. The private key isn't stored on the website's servers.
- They require biometrics or a PIN. You must use your fingerprint, face scan or PIN to unlock them.
This makes passkeys a lot harder to hack than passwords are.
Final Thoughts
Passkeys are not perfect - many websites and apps have not yet fully adopted them - but they are a tremendous step forward in online security. They are easier to use and safer, and they offer far better protection against phishing and other basic attacks on user accounts.