Passwords: We all have far too many of them, and they're probably not nearly as secure as we think. Passkeys are the next evolution of passwords, and they're trying to bring us a more secure, password-less future.
The Problem With Passwords
For a long time, we've been using usernames and passwords to sign into websites, apps, and devices. The concept is simple: You create a username---sometimes it's just your email address---and pair it with a unique password that (ideally) only you know.
The big problem with passwords is almost entirely with the people who create them. Since you have to remember the password, it's easy to fall into the trap of using real words or phrases. It's also very common to then use that same password in multiple places rather than having unique passwords for every website or app.
Obviously, using your birthdate or a pet's name is not a very secure password, but many people still do it. And once someone figures it out, they can then try it in all the other places where you used the same password. This is why it's so important to use unique passwords and two-factor authentication.
Password managers have attempted to improve this situation by generating random strings of characters for you, then remembering them so you don't have to. That's better than making up your own plain language passwords, but there's still room for improvement. Enter passkeys.
Passkey vs. Password
The system of usernames and passwords hasn't changed a lot over the years. Think of passkeys as a complete replacement for the archaic password system. Essentially, you use the same method for unlocking your phone to sign into apps and websites.
That's one of the biggest differences between old-school passwords and passkeys. Your Facebook password works anywhere you can access Facebook. However, a passkey is tied to the device it was created on. You're not creating a password that can be used anywhere, which makes the passkey much more secure.
To sign in on another device, you can scan a QR code from your phone and use the same security method to authenticate it. Since there are no passwords involved, there's nothing that can be leaked or stolen. Your phone has to be present to sign in, so you don't have to worry about a random person across the country using your password.
We've mentioned phones a few times, and they're also an important part of making passkeys work. Currently, you pretty much need a mobile device to use passkeys. The idea is your primary device is the "key." Even if you create a passkey on your PC, you'll need to have your phone nearby to verify. Proximity is usually verified with Bluetooth.
In technical terms, passkeys are an industry standard based on WebAuthn. Big names such as Apple, Google, and Microsoft have joined the FIDO Alliance to work on getting rid of passwords for authentication. Passkeys are the future.
Should You Use Passkeys?
At the time of writing, passkeys are just starting to see more widespread use. As mentioned, Apple, Google, and Microsoft support passkeys. They're also supported by 1Password, Dashlane, PayPal, eBay, Best Buy, Kayak, and GoDaddy. More companies are adding support all the time.
However, there's more to the equation. For websites, you need a compatible browser as well. If you want to create a passkey for Best Buy, you'll need to do it in Google Chrome or Apple Safari.
On top of that, you need to have a compatible operating system and password manager. In Apple's world, that's Keychain. For Google, it's Password Manager or a third-party app. Microsoft's is Windows Hello.
As you can see, there are several layers of compatibility needed, but we're still in the early days of passkey adoption. As a user, you don't have to worry about all that. Services will ask if you'd like to create a passkey if they support the feature and you're on a compatible device.
If you have the choice to use a passkey, it's an easy choice to give it a try. Not only is it more secure, but it's also much easier to use. Scanning your fingerprint or using Face ID to log onto a website is more convenient than typing annoying passwords. The future is passwordless.