In 1961, Fernando Corbató, a computer science professor at MIT, created the first digital password to secure computer systems designed for research. Little did he know the profound impact his invention would have on cybersecurity. Fast forward to today, passwords have become a fundamental part of digital security. Unfortunately, their widespread use has also highlighted significant vulnerabilities.
The Problem with Passwords
Despite extensive efforts to encourage stronger password practices, many users still rely on easily guessable passwords like “password” and “123456.” This widespread negligence in password security has left countless accounts vulnerable to cyber threats. Recognizing these shortcomings, major tech companies have developed an innovative solution—passkeys.
Understanding Passkeys
Passkeys are an advanced security feature that eliminates the need for traditional passwords. Built on the WebAuthentication (WebAuthn) standard, passkeys utilize public-key cryptography to enhance account security. Instead of remembering complex passwords, users receive a one-time code sent to their email or phone. This method not only simplifies the login process but also guards against password guessing and theft.
How Passkeys Enhance Security
Passkeys employ a system of public-key cryptography involving two keys: a public key and a private key. The public key is stored on the web server, while the private key remains on the user’s device. During login, the server issues a challenge that the device resolves using the private key. The server then verifies this response with the public key, ensuring no sensitive information is transmitted or stored on the server. This method significantly bolsters security compared to traditional passwords.
Getting Started with Passkeys
Modern devices are well-equipped to support passkeys, thanks to collaborations among tech giants like Microsoft, Google, and Apple. These companies adhere to standards set by the FIDO Alliance and W3C.
- Apple Devices: Users with iPhones (iOS 16+), iPads (iPadOS 16+), or Macs (macOS Ventura) can use passkeys through TouchID or FaceID.
- Android Devices: Passkeys are available via Google Password Manager on devices running Android 9+.
- Windows PCs: Passkeys can be utilized with Windows Hello on Windows 10 and Windows 11, provided users are logged in with their Microsoft account.
Web browsers such as Chrome, Edge, Safari, and Firefox also support passkeys, provided they are updated to the latest versions.
Creating and Using Passkeys
To set up passkeys, users must have an account with a supporting provider like Microsoft, Google, or Apple. Here’s a brief guide:
- iOS and macOS: Activate iCloud Keychain, then choose to use a passkey when signing up for a new account on a compatible app or website. Authentication can be done via Touch ID, Face ID, or QR code.
- Android: Visit g.co/passkeys, sign in to your Google account, and follow the prompts to create and verify a passkey. This process can be repeated on multiple devices.
The Future of Passwords
The potential of passkeys to replace passwords is promising but complex. While passkeys offer enhanced security and user convenience, widespread adoption faces challenges like compatibility and user awareness. Nonetheless, with strong backing from tech leaders like Google, Apple, and Microsoft, the era of passwords might soon be overshadowed by the rise of passkeys.
Also Read
Enhancing Security: How to Implement Passkeys on Windows 11 for Password-Free Authentication
