Why passkeys are the next frontier in digital security

The traditional password that generations of computer users have come to love and hate may soon be replaced by something called a "passkey." You've likely even been prompted to create one already. While many people may not know just how easy it is to start experimenting with this new creation, there are still hurdles that must be cleared before adoption becomes widespread.

What are passkeys?

Since most individuals have made at least one of several password security errors — like using the same phrase across multiple sites — there has been a rise of hacking, identity theft, scams and major data breaches. The problem is so pervasive that passwords themselves might be on the outs as a viable pillar of online security. "Passkeys" are one prominent alternative gaining popularity as a way to make our online information systems more secure.

Passkeys are "generated codes" that are "stored on your device or in your password manager" and allow you to "log in to websites and apps using your fingerprint, face recognition or a PIN," said Wired. Their creators claim that they are unhackable, and they are "widely considered to be more secure" than your existing password system. When you make a passkey, you are creating a "pair of cryptography keys generated by your device" that communicate with one another via a "biometric identification tool, such as FaceID or TouchID, to authenticate your identity," said PC Mag.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

How do I get a passkey?

The good news is that "passkeys are very simple to use," said Dashlane, and you can create them for many accounts, including Google, Amazon, Apple and more "in just a few quick steps." After creating one, "you just approve login attempts with a PIN or biometrics," said PCWorld.

For example, to create a passkey on Google you just log in to your account, open the passkeys manager, enter your password and create a passkey. They are the "way of the future for Google account verification" and doing so is "simple to do and highly secure," said ZDNET. All you need is a "mobile device or a laptop/desktop with biometrics (such as a fingerprint scanner)." And if you're already using a password management system like Bitwarden or 1Password, they can also store your passkeys.

Obstacles remain

Passkeys are a "password-killing tech," said Wired, and improvements to the underlying technology are "pushing passkeys toward a tipping point." Still, one problem is that there are "definitely things that unnecessarily confuse and complicate the use of passkeys, " said Ars Technica, including the reality that "syncing across different platforms is much harder than it should be." That is a potentially devastating problem because less tech-savvy users are likely to give up on the new technology if they encounter any significant obstacles.

Critics also note that "passkey implementations to date lock users into the platform they created the credential on." But developers are hard at work trying out ideas to make the process of moving to passkeys more seamless for most users. Perhaps the most important development underway is a Credential Exchange Protocol that will "make passkeys portable between digital ecosystems" and avoid "user lock-in" to any individual password management service, said Wired.

Adoption of this new technology is still slow. Even though three-quarters of respondents in the U.S., U.K., China, Japan and South Korea have heard the term, fewer than a third have actually created one. Moving to passkeys also "assumes that the user has exclusive, private access to an account or device," which may not be realistic in households where family members share both, said the National Cyber Security Centre. Because of these limitations, "it's too soon to switch away from using passwords for all your online security," said Consumer Reports, which recommends trying passkeys for some accounts while the technology continues to mature.