Passkeys or FIDO authentication have been around for more than a decade. The FIDO Alliance conceptualized the technology. However, it was not as widely supported (and adopted) by big tech companies for consumers until 2022-23.

Once you start using a passkey, you will forget passwords exist. And, you will want to use passkeys everywhere you have an online account. It is that convenient! 🤯

And, not just convenience, passkeys offer greater security as well.

Google recently shared that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts.

I am a super fan of this technology now, and for this website, I implemented passkey login support to prevent unauthorized access or brute-force attempts 😎

Now, you must be wondering:

  • So, what are passkeys?
  • How are they more secure?
  • Where can you use it?
  • And, how do you use it?

Let me make it easy for you here with all the essentials you need to know about passkeys.

What Is A Passkey?

passkey login

A passkey is like a digital ID card for your online accounts used for authentication.

It is a fascinating technology that uses your devices to authenticate your online accounts, helping create a “passwordless login” experience. It can be your smartphone, or your computer using face lock, fingerprint, password manager, or a FIDO hardware key.

They are easy-to-use, faster than password logins and two-factor authentication methods, and you do not have to remember anything. Just a tap or touch, and you’re logged in to your online accounts, that’s it.

The passkeys sync across your devices. So, you can use them everywhere you want without needing to create them again on a new device.

To enforce your understanding, you can watch the video below:

Here’s How Passkeys Are Safer

passkey safe

A passkey is not just about speed and convenience. It is also a more secure option.

Compared to traditional password login systems, passkeys are not vulnerable to common security attacks like phishing, replay attacks, and data breaches. A malicious actor cannot lure you into sharing your passkey, just like they can for passwords.

Moreover, if you do not need a password, you won’t get the chance to make mistakes like storing your complex password on an unsecured text file or sharing it over through unencrypted means.

Passkeys make your experience safer by eliminating the need for passwords.

And, if there are no passwords, you do not even need a two-factor (2FA) authentication method.

💡
Even with passkeys, you should have a 2FA method like receiving authentication codes via email/phone for easy account recovery.

If you want to dive-in deeper into the technicalities and know the difference with password logins, you can watch this amazing explainer video by Jeff Crume:

What Devices Support Passkeys?

passkeydevices

You can use passkeys on your Android smartphones, Apple iPhone, Apple Watch, and desktop platforms.

Currently, you cannot use your Android wear devices as passkeys. It can change with time, and I shall update the article if that comes up anytime soon.

How Do I Use Passkeys? And, Where?

You do not need to install or set up a special application to use passkeys. The support for passkeys is baked in to the devices I mentioned above.

So, how do you get started?

You can go about three ways to create/save/sync/manage passkeys:

  1. Default device passkey manager: Google Password Manager for mobile devices/Chrome browsers and Windows Hello are two examples.
  2. A separate password manager: You can use a password manager like Bitwarden or Proton Pass that supports passkeys.
  3. Hardware security key: A Yubico key is an example (it is a physical passkey).

Considering you are just getting started, I would recommend sticking to the first two options. The third one is not as widely supported as the first two options.

Once you pick a method that you want to use for passkeys. You need to start creating/enabling passkeys as the login method for websites and apps.

💡
I recommend you to use your existing password manager for passkeys. Most of the popular ones (and the default system password managers) support passkeys.

So, the next question: how do you find what apps/websites support passkey logins?

The passkey support is being actively adopted by companies. So, any app or service you are using now may already have the support for it, who knows? 🧐

The first thing you should do → Go check the security/login protection settings on any of the services you want to use passkeys with. Here’s how it looks for Google:

google passkeys

If you would like to know about several services that support it, you can explore these online directories:

The passkey functionalities for sites may or may not vary by region. For instance, if you hope to use passkeys on Amazon, it is available, but not for Amazon.in. However, WhatsApp supports passkeys everywhere.

Curious to see it in action before you start using it? Here’s a clip of how it looks like on my GitHub account (on my desktop):

Wrapping Up

I encourage you to use passkeys wherever you find the support for it. You do not have to go purchase a FIDO hardware key for starters, as your existing password manager should be able to let you use passkeys.

What do you think about passkeys? Have you started using them already? Let me know down in the comments below!

Categorized in:

Security,

Last Update: May 13, 2024