Let's dive into the world of Passkeys - this cool new concept that even Google has started using. If you're scratching your head wondering what's going on, that's why I'm here. Let's unpack what a Passkey is, how it works, and go through the good, the bad, and everything in between.



Passkeys vs. Passwords: A Personal Take

Now, we all know what a password is. It's that string of characters I've memorized (or tried to) or stashed away in a password manager like 1Password. Every time I try to log in, a website expects that exact password, right after entering my username.

But then, there are Passkeys. They're like the dynamic, cooler cousin of passwords. Here's how it works: I'm the user, and there's a website or app that wants to recognize me. When I set up a Passkey for my account, my device generates a "key pair", a public key and a private key, unique to that account on that site.

The public key goes to the website or app, while the private key stays on my device, be it my smartphone or a FIDO2 USB stick from Yubico. It never leaves that device, and the site never sees it. Each time I log in, the site sends my device a fresh, random "challenge", and my device answers by signing that challenge with my private key. Nothing is encrypted here, and no password is generated; the signature is the proof.

Before it signs, the device asks me to unlock it locally: a biometric check (fingerprint, facial recognition, etc.), a PIN or a swipe pattern. That check stays on the device; my fingerprint is never sent to the website. The signed challenge goes back to the website or app, which checks the signature with my public key. If everything lines up, voilà, I'm in.

So, the major difference between a regular password and a Passkey? A password is a shared secret: the site stores it (or a hash of it), I type it in, and anyone who gets hold of it can use it. With a Passkey, the site only ever holds the public key, and every login produces a brand-new signature over a brand-new challenge, so a captured login response is useless the next time. And because the credential is tied to the site's domain, it simply doesn't work on a look-alike site.
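Here is that challenge-response flow as a small Go program. This is an added example written for this post, not code from the original article and not any vendor's implementation: it follows the shape of WebAuthn's clientDataJSON (type, challenge, origin) but leaves out authenticatorData, attestation and the browser in the middle, and the site and user names are made up. The interesting checks are the ones that fail: the device refuses to sign for an origin it has no key for (the phishing case), the site refuses a second use of the same assertion (the replay case), and nothing gets signed until the local fingerprint/PIN gate passes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData mirrors the WebAuthn clientDataJSON fields that matter here: the challenge the site issued and the origin the browser actually saw.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the device returns instead of a password: the client data plus an ECDSA P-256 signature (ASN.1/DER) over its SHA-256 hash.
type Assertion struct{ ClientDataJSON, Signature []byte }

// Authenticator models the phone or security key. Private keys are created here, never leave, and each is scoped to the origin it was registered for.
type Authenticator struct{ creds map[string]*ecdsa.PrivateKey } // origin -> private key
func NewAuthenticator() *Authenticator { return &Authenticator{creds: map[string]*ecdsa.PrivateKey{}} }

// Register creates a key pair for an origin and hands back only the public half.
func (a *Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.creds[origin] = priv
	return &priv.PublicKey, nil
}

// Sign answers a login challenge. origin is what the browser reports for the page asking; userVerified is the local fingerprint/face/PIN gate.
func (a *Authenticator) Sign(origin string, challenge []byte, userVerified bool) (*Assertion, error) {
	if !userVerified {
		return nil, errors.New("user verification failed: device stays locked")
	}
	priv, ok := a.creds[origin]
	if !ok { // the phishing defence: a look-alike domain simply has no credential
		return nil, fmt.Errorf("no passkey for origin %q", origin)
	}
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Origin: origin,
		Challenge: base64.RawURLEncoding.EncodeToString(challenge)})
	digest := sha256.Sum256(cd)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &Assertion{ClientDataJSON: cd, Signature: sig}, nil
}

// RelyingParty models the website. It stores public keys only, so a database breach yields nothing that logs anyone in.
type RelyingParty struct {
	Origin  string
	PubKeys map[string]*ecdsa.PublicKey // username -> registered public key
	pending map[string]string           // username -> outstanding challenge (base64url)
}

func NewRelyingParty(origin string) *RelyingParty { return &RelyingParty{origin, map[string]*ecdsa.PublicKey{}, map[string]string{}} }

// BeginLogin issues a fresh random challenge and remembers it for a single use.
func (rp *RelyingParty) BeginLogin(user string) ([]byte, error) {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return nil, err
	}
	rp.pending[user] = base64.RawURLEncoding.EncodeToString(ch)
	return ch, nil
}

// FinishLogin accepts the assertion only if it answers the outstanding challenge, names this site's origin and carries a valid signature.
func (rp *RelyingParty) FinishLogin(user string, as *Assertion) error {
	expected, ok := rp.pending[user]
	if !ok {
		return errors.New("no login in progress (replayed assertion?)")
	}
	delete(rp.pending, user) // consume it: a captured assertion cannot be used twice
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != expected {
		return errors.New("challenge mismatch")
	}
	if cd.Origin != rp.Origin { // signed for some other site, e.g. a phishing page
		return fmt.Errorf("origin %q is not %q", cd.Origin, rp.Origin)
	}
	digest := sha256.Sum256(as.ClientDataJSON)
	if pub := rp.PubKeys[user]; pub == nil || !ecdsa.VerifyASN1(pub, digest[:], as.Signature) {
		return errors.New("bad signature")
	}
	return nil
}
```

To walk through it: create a RelyingParty for "https://bank.example" and an Authenticator, call Register with the site's origin and drop the returned public key into rp.PubKeys["alice"]; then BeginLogin gives a challenge, dev.Sign(rp.Origin, challenge, true) answers it, and FinishLogin returns nil. Calling FinishLogin a second time with the same assertion fails because the challenge was consumed, and asking the device to sign for "https://bank-example.com" fails before any signature is made, because no key was ever registered for that origin. Only public keys live on the site side, which is the whole point of the "nothing useful to steal" argument.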

Multi-Device FIDO Credentials (resource from the FIDO Alliance)

The Pros and Cons of Passkeys

The Pros

  • I can forget about memorizing complicated passwords.
    Say goodbye to that dreaded "password123"
  • I won't be tempted to use the same password for different sites.
  • Even if someone intercepts my login response, it only answers that one challenge, so replaying it later gets them nowhere.
  • Passkeys are like kryptonite to phishing: the credential is tied to the real site's domain, so a look-alike site gets no valid response, and there's no fixed secret for me to type into the wrong place.
  • Websites only store my public key, which is useless on its own, so a breach of their database doesn't hand out anything that logs people in.

The Cons

  • If my biometric check fails (wet fingers, an injury), I fall back to the device PIN or passcode; if I've forgotten that too, I could be locked out of my own apps and sites.
  • Not everyone wants, or is able, to use Passkeys, so sites keep a password or email-reset fallback, and that fallback is still as phishable as ever.
  • Some websites might not be able to keep up with this new tech, or might choose not to.
  • Sharing my Netflix or Amazon accounts could get a bit tricky with Passkeys.
  • If I lose my device? Synced Passkeys (Apple, Google, password managers) are backed up to my account and come back on a new device, but getting into that account again may itself need a recovery method. Passkeys on a hardware security key aren't backed up at all, so I should register a second key as a spare.
  • Some experts warn that the signature algorithms Passkeys use today (ECDSA, RSA) would not stand up to a large quantum computer. That's true of most of today's public-key cryptography, including what's behind TLS, and post-quantum replacements are being worked on.

So, there you have it. Passkeys might be the future of logging in - more dynamic, more secure - but they've got their own set of challenges. But as long as we stay informed and ready to adapt, I believe we're heading in the right direction.


This post's featured image is by Freepik.