You’ve likely been hearing the term “passkey” frequently in the past few months whenever you try to log in to pretty much any service owned by one of the tech giants.
Amazon, Google, Apple and more have all issued statements this year announcing they’re rolling out or increasing support for passkeys—and they’re strongly encouraging you to use them. But that urging has got a lot of people confused. What are passkeys? Why can’t I just keep using my password? And what will this all mean in the long term?
Uncertain about what a passkey is or what advantages it offers? Here’s what you need to know.
What is a passkey—and is it safe?
Passkeys are a newer, faster (and, arguably, more secure) way to access sites and information that you have protected by passwords. By using your fingerprint or a scan of your face (or your device’s PIN), you’re able to automatically logged into an app or website (once you approve the request). Basically, it’s using your device to prove that you’re really you.
How do passkeys work?
Passkeys generate a pair of keys — one public, which is stored on the cloud, and one private, which is stored on the device. That means that if the cloud server is compromised by hackers, accounts are still protected, as the hacker won’t have both sets of keys.
In essence, the passcode you enter on your phone or your face scan/fingerprint is one half of what’s necessary to get access. The other is stored elsewhere. In order for a hacker to crack both, they would need to have your phone and hack the server, something that’s an extraordinary amount of work for one device.
Does this mean passwords, as we know them, are going away?
Passkey advocates certainly hope so, but it’s not going to happen anytime soon. Password support is likely to continue for many years before companies begin insisting on passkeys. This is just the beginning of the migration process.
Who’s supporting passkeys?
Pretty much all of the big players are these days. Amazon, in October, began allowing customers to set up passkeys in their settings. Apple made the jump in June, announcing passkey support would be built into iOS 17. That support was extended to third-party apps and websites that utilize the “Sign in with Apple” feature as well. Also in October, Google made passkeys the default option to access Google accounts, after initially launching passkey support on May 5 of last year. Microsoft, also, offers the technology (though it utilizes alternate phrasing, such as “Windows Hello” or “security key”).
Major apps that support passkeys include:
- Shopify
- Instacart
- Robinhood
- Adobe
- KAYAK
What are the advantages of using passkeys?
Proponents of the technology say it’s a much more secure option, since too many people opt for simple passwords or utilize the same ones on multiple websites. And even fewer people embrace two-factor authentication. Passkeys require authentication for every user, every time they’re used. The encryption on them is different for each site, which makes it harder for hackers to use them as a backdoor into your account.
On a day-to-day front, though, you won’t have to remember which password you used for which site—and you’ll be able to get to the content you want faster.
What are the downsides of using passkeys?
It comes down to privacy for the most part. By convincing you to do away with passwords, large companies like Apple have a bigger opportunity to incorporate you into their ecosystems, giving them an even deeper knowledge about your digital habits, including the sites you frequent and/or pay for.
Also, not every site, app and system has adopted passkeys yet, so it’s not something universal. And for businesses, extra hardware and software is needed, which can be expensive.