Last updated: What are passkeys: Authentication without passwords

What are passkeys: Authentication without passwords


Listen to article

Download audio as MP3

There’s a global password problem, and tech has a solution: The development of passkeys, also known as FIDO multi-device credentials, was announced by the FIDO Alliance in March of 2022. 

What sort of havoc are passwords causing, you wonder? Here’s some data surrounding passwords and cybersecurity risks:

  • Passwords are the root cause of over 80% of data breaches
  • Users have more than 90 online accounts
  • Up to 51% of passwords are reused

What are passkeys: Definition, benefits, examples

Passkeys are alternatives to passwords. Passkeys allow users to login to digital accounts and apps across different browsers and operating systems using biometric or device authentication methods like Face ID, fingerprint sensors, PINs, or patterns.

Passkeys can replace both passwords and SMS codes to meet multifactor authentication requirements in a one seamless step – meaning you can sign in to all of your online accounts from Gmail to iCloud to Netflix without ever again having to remember the password for each.

The benefits of passkeys abound. Leveraging FIDO Authentication, a global authentication standard based on public key cryptography, passkeys are: 

  1. More secure for online sign-ins and account registrations across websites and apps  
  2. Simpler for consumers to use across single or multiple devices (mobile, PC, laptop, etc.)
  3. Easier for service providers to deploy and manage 
  4. Highly resistant to phishing, credential stuffing, and remote attacks

Example of how passkeys work in the wild

A primary use case for passkeys is when a user signs into an app or website, then approves the sign-in using the same biometric FaceID, TouchID, or PIN used to unlock the device versus using a less secure username or password.

In the simplest terms for the user, the passkey process looks like this:  

  • Click “sign in” 
  • Select passkey: Biometric or PIN 
  • Done 

Simply put, “passkeys stand to take passwords out of play for the vast majority of consumer use cases,” says Andrew Shikiar, Executive Director and CMO of FIDO Alliance, as he outlined the ways that FIDO authentication is playing a role in helping to improve the state of identity today at the Identity, Authentication, and the Road Ahead Cybersecurity Policy Forum in Washington, D.C. earlier this year.  

Yikes! Shared passwords and sticky notes: State of IT security demonstrates business imperative for passkeys

An evolution of FIDO2 and WebAuthn, passkeys aim to solve security problems with passwords – particularly when it comes to large-scale consumer utilization and mobile workforces.

According to the Ponemon Institute, there are multiple security flaws when it comes to accessing business accounts via passwords: 

  • 49% of IT security respondents and 51% of individuals share passwords
  • 59% of IT security respondents say their organization manages passwords using human memory, while 42% use sticky notes
  • Only 31% of IT security respondents say their company uses a password manager, an effective tool for securely creating, managing, and storing passwords

TechCrunch documented how Twilio and Cloudflare suffered major hacking attacks in late 2022. Twilio employees were targeted via text message and tricked into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio’s IT department.  

Fast forward to today and you can understand why experts are predicting a rise of passkey usage, as the number of cyberattacks targeting those organizations that continue to use traditional multi-factor authentication continues to rise. 

Major tech players like Apple, Google, and Microsoft are committed to expanding support and availability of passkeys, with the FIDO Alliance offering users two new capabilities for even more seamless and secure passwordless sign-ins:  

  • Users can automatically access their passkey on many of their devices – even new ones – without having to re-enroll every account
  • Users can use FIDO authentication on their mobile device to sign-in to an app or website on a nearby device, regardless of the OS platform or browser they’re running

Passkeys are a powerful and effective way of keeping user data secure, while also providing a better user experience in the digital world versus passwords.   

Customer identity, consent, and authentication – simplified.
The future starts HERE.

Frequently asked questions (FAQs):

One example of a passkey is a unique public/private key pair that is generated by your browser when you sign up at a website or an app. The public key is registered with the website, while the private key is securely stored on your device. This key pair is used for secure passwordless authentication, making it a more secure and convenient alternative to traditional passwords.

Passkeys and passwords both aim to secure your online accounts, but they work differently. Passkeys are cryptographic keys stored on your device, offering a more secure and convenient, passwordless login. Passwords on the other hand, are strings of mostly alphanumeric characters you have to remember and type in, and they’re often stored on external servers. While passwords are more commonly used, passkeys are emerging as a more secure and user-friendly alternative.

Yes, passkeys are generally more secure than passwords. Passkey uses a pair of cryptographic keys stored on your device, making them hard to steal or crack. Furthermore, a passkey is verified through your own biometric data like a fingerprint, adding an extra layer of security. This makes logging in not only more secure but also more convenient since you don’t have to remember multiple passwords.

Passkeys are supported on Apple devices running iOS 16 or later, Android devices with Android 13 or up, and Windows devices with Windows 11. For browsers, you’ll find passkey support in Google Chrome, Apple Safari, Microsoft Edge, Mozilla Firefox, and Opera. Nonetheless, be aware that passkeys are a developing technology, so expect to see even more devices, browsers, and apps offering this feature in the near future.

Share this article


Search by Topic beginning with