Key to Password-less Passage

Sounds like a password,” was Elon Musk’s response to a reporter’s inquiry about his newborn’s unconventional name, X Æ A-12. While the entrepreneur wouldn’t have trouble remembering that combination of characters, the rest of us suffer trying to navigate the irksome world of p@55wRd$. 

A recent study shows that on average a person juggles nearly 100 passwords between different services and sites. It is no wonder then that they are responsible for over 80 percent of data breaches and suffer from a 51 percent reuse rate. The recent turn in technology, however, is here to put the days of remembering passwords behind us.

Passkeys—though not a novel concept for they work in a similar fashion as a QR code scanning or using biometric features to unlock phones—are a much-needed replacement. This authentication method consists of cryptographic keys, which include a public key registered with the online service or app and a private key stored on a device, such as a smartphone or computer. When you log into a passkey-enabled site, you receive a push notification on your phone, similar to two-factor authentication. Because the method uses Bluetooth instead of Wi-Fi, the risk of unauthorised access is mitigated. Passkeys also resolve the hassle of synchronising passwords across devices. For instance, if you typically log into your Google account using a smartphone, but want to use a laptop, as long as the smartphone is within Bluetooth range of the laptop and you approve the login, it’s seamless.  

Currently, a more secure method for signing into an account involves using a password alongside 
a second factor of authentication such as an OTP, a security key, or an authenticator app. A passkey fulfils these requirements in a single step, without sending your biometric information to the website or app you are accessing. Also, each passkey is tied to a specific site; this means it will only function on the site where it was initially set up. It also serves as a robust defence against phishing and social engineering attacks, ensuring that you never share your login details with untrusted websites.

Apple also introduced the technology last year with the release of iOS 16. The tech giant’s ecosystem employs the iCloud Keychain password management system to back up and synchronise passkeys across all Apple devices. This means you can create a passkey on your phone and use it to log in on other devices, such as an iPad or Macbook.

Google, Microsoft and various other companies also use it for secure logins. Google, for instance, supports passkeys on its Chrome browser, Android devices, and all Google accounts, including Gmail and Drive. Microsoft incorporates it through Windows Hello. Others such as Amazon Web Services, Facebook, Twitter, Netflix and many more, too have embraced this technology.

So, what do you need to use passkeys? Here are the requirements:

A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
A smartphone or tablet running at least iOS 16, iPadOS 16, or Android 9
Optional: a hardware security key with FIDO2 protocol support
A supported browser on your device, such as Chrome 109 or greater, Safari 16 or greater, or Edge 109 or greater