Unlocking Success: Navigating Your Way With A Passkey

Passwords vs. Passkeys

What are Passkeys and why do you need them? If you are like most people, passwords are a pain in the backside. Remembering them can be a problem, we should change them often and make them strong with symbols, caps, and numbers. Trying to remember any combination without a password manager is futile. This leads us to use weak easy-to-remember passwords or to repeat passwords over different sites making us more vulnerable.

Password Managers and the autofill feature on browsers are a strong upgrade over trying to remember weak passwords or writing them down on a notepad. Password Managers will assign a difficult-to-remember password for your website then everything is auto-filled at sign-in.

Passkeys

Here is what you need to know to start using them today and why you should. First, what they are not: passkeys are not 2-step verification or a second notice on your mobile device after you have already entered your password on a website. You simply use the same method you already use to sign into your device. It can be a PIN or biometrics like a fingerprint or facial recognition.

To create a passkey, on websites that allow them, you need to sign in to your website with your password.  Request a passkey. The website will walk you through the process. A public and private passkey will be created for each device used to sign into this website. If your devices share a cloud, one passkey can be shared between devices. They are free and easy to use, and many websites are already set up to use passkeys.

Passkeys Pros And Cons

Pros

1. Because passkeys are specific to the device that created them and the website, they are perfect for preventing users from entering phishing websites and using “man in the middle” (MIM) attacks. This is when a hacker sets up a fake website. When you enter your information, it is stolen but the hacker immediately sends you to the real website. However, because a fake website cannot verify the passkey and your device they are prevented from hacking you
2. Nobody can guess your passkey because it uses an encryption method that uses two different keys as part of its verification process. The website gets the public key, while your device protects the private key. Hackers cannot compromise your passkey based on the public key
3. Even if a copy of your passkey were retrieved from your device, it still will not work because it will fail to register as valid without your specific device

Cons:

1. Not every website is set to allow passkeys
2. Many websites allow passkeys for mobile devices
3. You still need your password to originally set up your passkey
4. There is no “one way” to set passkeys, each website may have different steps to set them up
5. You’ll need one passkey per device unless the devices can synchronize passkeys, iCloud  or Windows 11 can sync

Summary

Are passwords a thing of the past? I would love it to be so, but they are still required on some sites and may be for a while longer. Many of you are already probably using a passkey on your smartphone to access your bank or other site. As an example of how to set up a passkey, I will use Google’s website:

• Go to g.co/passkeys with your browser
• Click on Get Passkeys
• Create a new passkey
• Allow Access by Microsoft
• You are set to go

Bottom line, if your website allows you to use a passkey, use it. It is easier to use, and far more secure.

—