A passkey is a way to sign in to an app or website without needing to create and remember a password. Instead of a password, passkeys let you authenticate sign-in requests by using biometrics such as fingerprints and facial scans in a single step – no need to type in a password and then get an SMS or open an authentication app.
World Password Day was started in 2013 and was founded by global chipmaker Intel. Videos from various organisations that explain how passkeys work are embedded below – please watch them, and read on!
The CyberTalk website has a timeline for the use of passwords, and notes that “prior to technological advances, passwords were uncommon. They were mostly used by secret societies.”
They share a brief timeline of passwords, starting when they were created in 1961:
- In 1961, the Massachusetts Institute of Technology (MIT) created the computer password. The purpose? Enabling multiple individuals to use a single computer system.
- By 1976, the emergence of public-key cryptography enabled two computer users to authenticate one another without the transfer of a cryptographic key.
- In 1978, researchers published the first study demonstrating that guessing passwords based on a person’s identity was easier than cracking passwords with computers.
- By 1986, two-factor authentication came onto the scene. It received a high level of adoption.
- 2013 saw the creation of World Password Day.
- Passkeys were created by the FIDO Alliance; more information on the history of the FIDO Alliance and passkeys is available here.
If you don’t want to use a passkey, please make sure you use a password manager, be it the one built into your iPhone, Android or browser. Make sure each password is unique, and change your passwords every six months to a year. Also use two-factor authentication through an app such as the Google or Microsoft authenticator app, which requires a six-digit code that is regenerated every 30 seconds on your iPhone or Android, rather than relying on SMS messages.
So, what is a passkey?
It is the new alternative to usernames and passwords. Various sites and services on the Internet, and apps on your phone, can now ask if you want to use your phone or computer’s ability to authenticate you with a fingerprint scan or a facial authentication method as your secure login.
Each passkey consists of a pair of keys, one held by you and the other held by the app or website. The key pair creates a secure and private connection between you and the app or website.
This means that a fake site, pretending to be Facebook or some other online service, won’t be authenticated by the passkey service, so fake sites trying to steal your username and ID will fail.
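The key-pair sign-in and the fake-site rejection described above, as an added sketch that is not from the original article. The function names, the example origins and the simplified message layout are assumptions made for illustration, and Ed25519 is chosen here for brevity; real passkeys use the WebAuthn message format.

```javascript
const crypto = require("node:crypto");

// Registration: the device creates a key pair for ONE site and keeps the private
// key; the site stores only the public key (nothing secret to steal from it).
function registerPasskey(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return { device: { origin, privateKey }, serverRecord: { origin, publicKey } };
}

// Device side: sign the site's one-time challenge together with the origin the
// browser is actually visiting. No passkey exists for any other origin.
function signAssertion(device, visitedOrigin, challenge) {
  if (visitedOrigin !== device.origin) return null;
  const clientData = Buffer.from(JSON.stringify({ origin: visitedOrigin, challenge }));
  return { clientData, signature: crypto.sign(null, clientData, device.privateKey) };
}

// Site side: the signature, the signed origin and the fresh challenge must all match.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  if (!assertion) return false;
  const { clientData, signature } = assertion;
  if (!crypto.verify(null, clientData, serverRecord.publicKey, signature)) return false;
  const data = JSON.parse(clientData.toString());
  return data.origin === serverRecord.origin && data.challenge === expectedChallenge;
}

const newChallenge = () => crypto.randomBytes(16).toString("base64url");

function demo() {
  const site = "https://example.com";       // constructed sample origins
  const lookalike = "https://examp1e.test";
  const { device, serverRecord } = registerPasskey(site);
  const challenge = newChallenge();
  const good = signAssertion(device, site, challenge);
  return {
    // Normal sign-in on the real site.
    genuine: verifyAssertion(serverRecord, challenge, good),
    // A lookalike page relays the real challenge: the device has nothing to offer it.
    relayed: verifyAssertion(serverRecord, challenge,
      signAssertion(device, lookalike, challenge)),
    // Even a signature made for the lookalike origin fails the site's origin check.
    misbound: verifyAssertion(serverRecord, challenge,
      signAssertion({ ...device, origin: lookalike }, lookalike, challenge)),
    // An old, captured assertion fails against the next sign-in's fresh challenge.
    replayed: verifyAssertion(serverRecord, newChallenge(), good),
  };
}

console.log(demo());
```

Only the sign-in on the real origin verifies; the site never holds anything that would let someone else sign in if its database leaked.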
It has been more than six decades since passwords first became the champion of online security, but the world has changed significantly. Technology has advanced exponentially and many of us are now ‘connected’ to a number of devices, applications and online services for work or personal use, meaning the number of services and accounts that users across the globe are required to log into has boomed.
The drawbacks of passwords are clear. Most importantly, bad actors can steal your secrets, making passwords vulnerable to cyber threats. Additionally, passwords are hard to remember and result in user frustration.
Recognising the vulnerabilities of passwords, more governments and corporations are acknowledging their increased susceptibility to phishing attacks. With the backing of major tech players worldwide, passkeys are gaining momentum as the successor to traditional passwords. While passkeys have been around for some time, their effectiveness as a modern, safe and phishing-resistant online security method is driving their adoption at a fast pace.
Here are some videos that explain passkeys in more detail: