The quest to secure one’s online accounts seems to be never-ending. From simple passwords to complex passwords, multifactor authentication to password management software, “improvements” have bombarded us. The latest entry in this field: passkeys. What exactly is a passkey, and how can it help us be safer?
Tech folks tout passkeys as “passwordless logins,” which is a bit misleading. In most if not all cases today, you still need a password before setting up a passkey. But once established, passkeys are safer and more secure than old-school passwords. Passkeys are saved on your device so you don’t need to memorize them once they’re set up. The list of apps that support passkeys is long, and a good source for that is passkeys.directory. Adobe, Apple, Amazon, Best Buy, eBay, Google, Microsoft, Target, Uber and WhatsApp are but a few prominent names on the complete list. All major vendors are certain to support passkeys in the near future.
Establishing a passkey is fairly straightforward. When setting up a new account, if the app or website supports passkeys, it will prompt you as such. If you established the account in the past, review its settings to see whether passkey technology is available, and if so, you should take advantage of it. It’s best to use existing biometric capabilities of your device to set up the passkey, such as Windows Hello or Apple Face ID. That way, you don’t need to remember anything. If you don’t use those or similar features, then a PIN can be set up as a last resort.
The passkey is typically saved on the device from which it is set it up. So if you use your smartphone to set up the passkey, that passkey will not work from your computer. A separate passkey will need to be set up on your computer. This can be confusing to many folks and can cause them to revert back to using a password to log in. That defeats the entire purpose of passkeys.
One way to share passkeys among devices is to use a password manager. All the major multiplatform password management applications (Bitwarden, Dashlane, 1Password are a few) support the saving of passkeys. While the safety of having all your credentials in a single place has been debated ad nauseam, most IT professionals agree that password management software is safe and effective. And most password management apps can be secured via … you guessed it … a passkey.
Do passkeys need to be changed? Unless you add or change devices, the answer is no. Due to the technology behind passkeys, no one can steal your passkey. Now some nerds out there will disagree, and while it may be possible to crack a passkey, it’s a lot harder than stealing a password. And the sharks on the internet don’t bother with the fast swimmers who use passkeys; they go after the slow swimmers still using passwords.
John Agsalud is an information technology expert with more than 25 years of IT experience in Hawaii and around the world. He can be reached at jagsalud@live.com.