In May, Google began rolling out passkeys, calling them “the beginning of the end of the password.” Passwords have been with us since the mid-1960s, decades before computers became mainstream. But with more sophisticated cybercrime attacks, dated password technology does us more harm than good.

According to a survey by AllAboutCookies, 84% of people still use unsafe passwords (like birthdays and pet names), and over half of survey respondents admitted having five or fewer passwords for all their accounts. Sure, we could do better. But these stats are also a testament to how annoying and ineffective passwords are. Google and other major players in the industry believe that passkeys are the “key” to a simpler – and safer – future.

What Is A Passkey?

Instead of relying on something you remember (like a password), digital passkeys rely on something you have (like a device) or something you are (like a fingerprint or face recognition) for secure authentication.

Here’s How Passkeys Work

Passkeys use public-key cryptography. This is how it works: Your device has a pair of keys, a public key and a private key. The public key is shared with whatever website or app you want to access. The private key is stored securely on your device ONLY.

When you try to sign into a site, the site sends your device a digital “challenge” to check if it’s really you. The website uses your public key to send a challenge back to your device. Your device then uses the private key stored on it to decrypt and read the challenge – think of it like a decoder ring.

The challenge confirms who the user is and sends a message back to the application. If the authentication is successful – i.e., the keys match – the website knows the response truly came from your device. It’s like a secret handshake between your devices and the sites you use. This way, a hacker cannot log into your accounts without the private key from your device. This provides an added layer of security compared to passwords.

Try It Out With Google!

If you have a Google account, you can try out passkeys for yourself.

  1. Go to g.co/passkeys.
  2. Click “Get passkeys” and sign in.
  3. Choose “Use passkeys,” then follow the prompts!

Note: Passkeys are automatically created for Google devices, but you must be set up separately for other devices.

Are Passkeys Better?

If you use a passkey, a hacker must have your device (and be logged in), fingerprint or face to log in. Also, passkeys are encrypted on your device instead of on servers, so even if your company’s data is breached, they can’t access your passkey.

Though companies like Google, Apple and Microsoft are already using passkeys, it will take time for other sites and companies to get on board. Continue to use strong, secure passwords in the meantime and store them in a password manager.

Are You Looking For A Computer Security Service You Can Finally Trust?

Managed Technology Solutions, also known as ManagedTEK – IT Security Services & Monitoring, is a managed service provider that provides IT support and security solutions for businesses throughout the greater San Francisco Bay Area. ManagedTEK, was founded on an urgency to empower and protect our community from the digital war on personal security and privacy. We focus and specialize in protecting businesses from falling victim to increasingly complex cyber threats. We use cutting-edge technology along with proven cybersecurity practices to provide support and protection for small businesses. Contact us today for your free consultation!

Any further questions, please do not hesitate to contact us. Our cyber security team is always on standby.