What is PassKey?

Here is everything you need to know about Passkey, including how it might affect your passwords going forward.

Most people own devices, like laptops and tablets, that store lots and lots of your personal information. And while it’s very convenient to have all this information stored so easily, it also means that we are more at risk for hackers and scammers to try and log in to our personal accounts and steal valuable information.

That’s where Passkey comes in; this new technology is aiming to reduce our use of traditional passwords, making our accounts more secure and less prone to attacks. Keep reading to find out exactly what Passkey is and why it’s so important.

What is Passkey?

Passkey refers to a security feature that some may be familiar with, as it’s not too dissimilar to two-factor authentication, a security measure that makes users provide two different means of verification (usually on a mobile phone) to make it harder for hackers to log into your accounts.

Passkey is also known as a multi-device FIDO credential. Using this process, a notification will be sent to a user’s smartphone when logging into a site, allowing them to authenticate their identity via biometric or pin, eliminating the need for a password.

After the user has used their phone to log into a platform, they will remain logged into their account, meaning that you won’t need your phone on hand every time you want to access a new site or platform.

Passkey is a universal technology, and so should work regardless of the OS platform or browser, making it accessible to more users. Website and app developers will need to implement the technology before you can start using it, but Apple, Google and Microsoft have already confirmed that they will start to facilitate a FIDO login over the next year. No dates have been set in stone for the companies just yet.

How does Passkey work?

Unlike standard two-factor authentication, Passkey uses Bluetooth instead of Wi-Fi. Bluetooth is being used as it requires close physical proximity, which will help verify that it’s the user attempting to log in.

This will also mean that a user’s laptop/phone will need Bluetooth to use Passkey. This won’t be an issue for most current devices, but may be difficult for anyone using an older desktop PC.

Once you’ve registered and linked to your various accounts, you’ll be sent a push notification to your smartphone via Bluetooth. By unlocking your phone, either via pin or biometric, your device will then create and send a unique public key to the relevant web service associated with your account. If there’s a match, you will be logged into your account.

Importantly, your biometric data never leaves your smartphone, so you don’t need to worry about third-party services getting a look at your personal data.

Is Passkey more secure?

Passkey, in theory, should be more secure than passwords, as hackers will need access to your phone, and either a pin or fingerprint of the user to unlock it. They’ll also need to be in close proximity to both your phone and the device they’re attempting to log into since Passkey uses Bluetooth.

Many people use the same password for multiple sites and platforms, meaning that if a scammer gets hold of your password, they will likely be able to use it with multiple accounts. Limiting password use should address this issue, as a scammer won’t be able to glean your passwords if the user is using their fingerprint to log in.

Passkeys can also be backed up by a large platform, such as Apple or Google, which will make it easier to bring your credentials to a new device and make it simpler to sync Passkeys across your phone, tablet and laptop.

Is Passkey already available?

Some companies are already utilising Passkey; Apple has the system running on iOS 15 and macOS Monterey, but it cannot be used across multiple platforms yet.

Some people have spotted Google’s Passkey support in Play Services in Android, but the company has not spoken out about when it will be ready for older devices.