Passwords are a thing of the past. Well, at least they should be. Passwords are weak, easy to hack, and a major pain to manage. But what if there was a better way to authenticate ourselves online?
Enter Passkeys
Passkeys are a new technology that does away with passwords altogether. Instead of using a password to sign in to a website or app, you'll use your fingerprint, face ID, or other biometric authenticator.
Step-by-Step: How Passkeys work
Passkeys are based on the concept of public-key cryptography. When you create a passkey for a website or app, your device generates a unique pair of cryptographic keys: a public key and a private key. The public key is shared with the website or app, while the private key is kept secret on your device.
Here is the step by step demonstration of how Passkeys work:
- The end user visits a website or app that supports passkeys.
- The website or app prompts the end user to sign in.
- The end user's device generates a unique public and private key pair.
- The public key is transmitted to the website or app.
- The website or app generates a random string of data known as a challenge.
- The website or app encrypts the challenge using the end user's public key.
- The encrypted challenge is then sent back to the end user's device.
- The end user's device utilizes its private key to decrypt the challenge.
- The decrypted challenge is sent back to the website or app.
- The website or app verifies whether the decrypted challenge matches the original random string of data. If successful, it authenticates the device and logs in the user.
What are the benefits of using Passkeys?
There are many benefits to using passkeys, including:
- Security: Passkeys are much more secure than passwords. Because passkeys are based on public-key cryptography, they are not susceptible to phishing attacks or other forms of password theft.
- Convenience: Passkeys are much more convenient than passwords. You don't have to remember or manage multiple passwords. Instead, you can simply use your fingerprint, face ID, or other biometric authenticator to sign in to websites and apps.
- Privacy: Passkeys are more privacy-preserving than passwords. Because passkeys are based on public-key cryptography, they do not reveal any personal information about you to the website or app you are trying to sign in to.
How can I get started with passkeys?
Passkeys are still a relatively new technology, so they are not yet supported by all websites and apps. However, support for passkeys is growing rapidly.
To get started with passkeys, you'll need to have a device that supports them. Most modern smartphones and tablets support passkeys, as do some laptops and desktops. You'll also need to have a web browser that supports passkeys.
One thing to note here is that most password managers, like 1Password, Dashlane, and LastPass, now support passkeys. This means that your private key will be stored on your password manager instead of on your machine, and it will work on every device where you are logged in. You won't need to generate a passkey for every device, which is a great. Right?
Once you have a device or password manager and web browser that support passkeys, you can create passkeys for your favorite websites and apps. The process for creating passkeys is typically very simple.
Here is a list of websites that support Passkeys. And it’s constantly getting bigger.
Conclusion
Passkeys are a brilliant technology that has the potential to revolutionize the way we authenticate ourselves online. They are more secure, convenient, and private than passwords, and they are easy to use. If you're looking for a more secure and convenient way to sign in to websites and apps, then you should definitely consider using passkeys.
I hope this article has helped you to understand what passkeys are and how they work.
Stay safe and updated with the modern technologies ;)