Passkeys: The future of passwords? Understanding how they work

early everybody agrees that the way we use websites and services is broken.

The username-and-password combo universally used is both annoying for users and not great from a security perspective. Amid data breaches, that most people repeat the same, easily guessable passwords between websites and given the ease of constructing fake sites to steal logins, the internet is crying out for a better solution.

Well, one might finally be here: passkeys. These do away with passwords completely, allowing your phone to vouch for your identity.

How do passkeys work, and what are the drawbacks? Read on to find out.

What is a passkey?

Passkeys are a way of logging in to a website or service without a password to prove who you are. All you need is a device to vouch for your identity — most likely your smartphone*.

That sounds like a security nightmare, but it should prove a lot safer than the somewhat flawed password system we’ve used for the first few decades of the internet.

“A simple, yet secure sign-in procedure is exactly what people need,” Jake Moore, Global Security Advisor at ESET, a software company specialising in cybersecurity, tells The Standard. “Passkeys offer a simple, fast and secure sign-in solution. [They offer] a very positive impact on account security.”

For the user, the idea is to log in to a website the same way you open up your phone — with a PIN, a fingerprint or a face scan. When you register for a site or service, your login is linked to a single device and you just sign in via that: with no password to remember.

Source…