Passkeys: A New Way To Authenticate Your Online Accounts

Passkeys are a new and improved way to log in without using traditional passwords. Many modern devices and services are beginning to support them.

To start using them, you’ll typically need a device that supports biometric authentication (like a smartphone or a laptop with a fingerprint scanner) and a password manager that offers passkey support. Setting up a passkey is usually straightforward and can often be done through the security settings of your account.

Here’s how passkeys compare to other forms of account authentication:

Passkeys vs. Traditional Passwords

  • How It Works: Passkeys are stored on your device and use things like your fingerprint or a PIN to verify you. Passwords, on the other hand, need to be typed in and are often reused, which isn’t very safe.
  • Security: Passkeys make it harder for hackers to break in. Traditional passwords can be guessed or stolen more easily.

Passkeys vs. SMS-Based Two-Factor Authentication (2FA)

  • Security: SMS codes can be intercepted by hackers, but passkeys stay on your device and are much harder to steal.
  • User Experience: Passkeys make logging in easy. You don’t have to wait for a text message and then type in a code. Just use your device to log in quickly.

Passkeys vs. Authenticator App-Based 2FA

  • Security: Authenticator apps are safer than SMS, but you still have to open the app and type in a code. Passkeys use cryptographic keys that are automatically verified, making them even more secure.
  • User Experience: Passkeys are more straightforward. You don’t need to open an app and enter a code. Just use your fingerprint or PIN on your device.

Passkeys vs. Security Keys

  • Usability: Passkeys are easier to use because you don’t need to carry an extra device. Instead, you can use your phone or computer to log in. However, security keys like Yubikey are more secure overall because there’s no way for remote hackers to get access to the physical key.
  • Recovery: If you lose your device, passkeys can be synced across your other devices using services like password managers. Losing a security key can be more difficult to recover.

Most password managers now support Passkeys including my recommended password managers, Bitwarden and Proton Pass.