For now, using passkeys is an option for many and not mandatory. However, there are numerous reasons to prefer them over traditional login PINs. For one, it’s harder for hackers to intercept them in plain text.
What Are Passkeys?
Passkeys are a digital credential system designed for a more secure and simpler way to sign in to online services. They represent the collaborative efforts among Apple, Google, Microsoft, PayPal, and other industry organizations.
When you create an account on a website or app that supports them, the platform generates two cryptographic keys: One public key that will stay on the website or app’s server and a private key for your phone, computer, or other gadgets you used to make the account.
Try logging in to that same website the next time, and it prompts your device to prove your identity. Your login method can be your fingerprint, face ID, special PIN, or other biometric data. Your device uses the private key to create a virtual signature or a unique code without you actually seeing it.
The website or app server then receives the signature and checks it against the stored public key associated with your account. If they match, you may access the platform.
Passkeys Can Become Your Default Login Method
Google is pushing to make passkeys the default sign-in method in a bid to get users familiar with them and phase out passwords gradually. You may have noticed that it encourages you to switch to them whenever you log in, and there’s now a “Skip password when possible” option in your Google Account settings.
Enabling this setting means your passkeys are automatically what you’ll use to access your account, and passwords become alternative solutions when you need to “try another way” in. Also, more platforms besides Google services have begun adopting them. Notable names among them include Best Buy, Amazon, and Shopify.
You may wonder what happens when you lose the device hosting the private key. Technically, you lose access to any account requiring passkeys on it. Also, resetting passkeys is impossible because they’re invisible and don’t exist on an app’s or website’s server.
The workaround is to return to your passwords as a backup sign-in method. Then, from the Security menu of your Google account, you can enroll a fresh passkey on your new device, automatically revoking access for the old one.
Ready To Leave Passwords Behind?
The widespread adoption of passkeys is still ongoing. Until they’ve gone mainstream, you can stick to your passwords and Two-factor authentication methods in securing accounts. Overall, the choice to switch is something you want to think about carefully. If you constantly misplace your gadgets, your account recovery challenges will outweigh the security benefits of Passkeys.
If you aren’t ready to use Passkeys just yet, it’s always good practice to check if your current passwords are still secure. If they have been compromised and moving to Passkeys isn’t the preferred solution, check out these tips on creating a secure password and enabling 2-factor authentication on your devices.
