Today I googled, “how many passwords does the average user have?” and the top answer that appeared stated that a research study conducted by NordPass reports that an average person has approximately 100 passwords.
This sounds like a lot to remember, not gonna lie. To go a step further, depending on the devices you’re using and how your various accounts are set up for login, you are probably also using a combination of PINs, patterns, biometric authentication (fingerprints, facial recognition, etc.), the more common two-factor authentication, and then of course the good old trusty password. If you’re lucky, you’re using some form of password management to keep track of all those passwords.
If you’re overwhelmed, that’s okay; we know there is a lot to remember when logging in to all your various accounts. However, there is a new login technique that became available this year, called the passkey, which promises to solve phishing and prevent password reuse.
Now you’re probably asking, what is a passkey? According to Hoffman-Andrews’s article “What the !#@% is a Passkey?” on the Electronic Frontier Foundation website, eff.org:
The passkey is approximately 100-1400 bytes of random data, generated on your device (like your phone, laptop, or security key) for the purpose of logging in on a specific website. Once the passkey is generated, your browser registers it with the website and it gets stored somewhere safe (for instance, your password manager). From then on, you can use that passkey to log in to that website without entering a password. When you go to a website’s login page, you’ll have the option to “Sign in with a passkey.” If you choose that option, you’ll get a confirmation prompt from your password manager and will be logged in after confirmation. For all this to work, there needs to be passkey support on the website, your browser, your password manager, and usually also your operating system.
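The flow described above, as an added example that is not from the EFF article or any passkey product: a simplified Node.js model in which the stored passkey is a private key (as in the WebAuthn standard behind passkeys) and the website keeps only the public key. The class and function names and the sites `bank.example` and `bank-example.test` are constructed for illustration; real passkeys carry more fields than shown.

```javascript
// Simplified passkey model (added example, not a real WebAuthn implementation).
const crypto = require('node:crypto');

// Device side: a "password manager" holding one private key per website.
class Authenticator {
  constructor() { this.passkeys = new Map(); } // site name -> private key

  // Registration: generate a fresh key pair; only the public key leaves the device.
  register(site) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.passkeys.set(site, privateKey);
    return publicKey;
  }

  // Login: the browser reports which site is really asking. With no passkey
  // stored for that site there is nothing to sign with, so a lookalike gets null.
  signIn(siteSeenByBrowser, challenge) {
    const privateKey = this.passkeys.get(siteSeenByBrowser);
    if (!privateKey) return null;
    const clientData = Buffer.from(JSON.stringify({
      origin: siteSeenByBrowser, challenge: challenge.toString('base64url') }));
    return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
  }
}

// Website side: check the signature, then the origin and the one-time challenge.
function verifyLogin(expectedSite, publicKey, challenge, response) {
  if (!response) return false;
  if (!crypto.verify('sha256', response.clientData, publicKey, response.signature)) return false;
  const data = JSON.parse(response.clientData.toString());
  return data.origin === expectedSite &&
         data.challenge === challenge.toString('base64url');
}

// Constructed demo: the real site, a lookalike phishing site, and a replay.
function demo() {
  const device = new Authenticator();
  const publicKey = device.register('bank.example');
  const challenge = crypto.randomBytes(32);
  const genuineResponse = device.signIn('bank.example', challenge);
  const genuine = verifyLogin('bank.example', publicKey, challenge, genuineResponse);
  // The phishing page relays the real challenge, but the browser reports its own name.
  const phished = verifyLogin('bank.example', publicKey, challenge,
    device.signIn('bank-example.test', challenge));
  // An old response replayed against a fresh challenge is rejected too.
  const replayed = verifyLogin('bank.example', publicKey, crypto.randomBytes(32), genuineResponse);
  return { genuine, phished, replayed };
}
```

Calling `demo()` returns `genuine: true` with `phished` and `replayed` both `false`: there is no typed secret for the lookalike site to capture, and a captured response is useless for a later login.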
Pros
- Each account has its own passkey, which helps prevent phishing: the passkey won’t let you log in to a fake scam site.
- Using a passkey, you can usually skip the traditional two-factor authentication, because unlocking with your device’s PIN, facial recognition, or fingerprint counts as the other factor of authentication.
- If you’re always forgetting your password and having to reset it often, you’re going to be forced to use a password manager, so the issue of forgetting your password has been solved.
- You never have to come up with a new password, as passkeys are generated and then stored.
Cons
- Not all websites support passkeys yet.
- Syncing between Apple, Windows, and Android is tricky.
- You still must set up multiple passkeys for each account.
- If you somehow lose your device while the password manager is unlocked or open, your accounts are vulnerable.
- Passkeys are device-specific, so you would need to have passkeys stored on all the devices you access your accounts with.
- The solution for this is to back up passkeys in your password manager using the cloud and then copy the file to the different devices, or to use a USB device. Passkeys can also be stored in high-security chips that are built into newer devices.
To conclude, passkeys still have room for improvement when it comes to website support and the ability to sync between platforms. However, for most purposes, using passkeys will represent a significant improvement in security, helping to protect you from phishing.