Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
Are Passkeys Safer Than Passwords?

Every year, we hear about critical data security breaches in government agencies, schools, hospitals, and even password managers. The rate of cybercrime is increasing, with damages predicted to reach $10.5 trillion by 2025.

Thankfully, in May 2022, Apple, Google, and Microsoft momentously announced they would support the World Wide Web Consortium and FIDO Alliance’s Web Authentication (WebAuthn) passwordless sign-ins. These passkeys are a safer alternative to passwords, as users don’t need a password but can use a biometric instead, such as facial recognition. This comes as a seldom-seen concerted effort to make the internet safer, shutting down phishing and other types of identity and credential theft.

But are passkeys the knights in shining armor that will protect us from cybersecurity threats? Are we witnessing the end of digital drama?

Password security concerns

Digital passwords have been around for decades, and there have been continuous efforts to make them more secure. Whenever you sign up for an account and create a login, your password is encrypted in the service’s database using a hashing function like md5, which turns any password into a 32-character-long alphanumeric string.

After that, every time you log on, the same process happens, and the resulting hash is compared with what’s stored in the user’s database. If they match, you’re granted access. Unfortunately, this system is not bulletproof as hackers can bypass it through:

Introducing passkeys

Passkeys consist of linked cryptographic keys – one public and one private – where the first is logged virtually with a service and the latter stored on a device (authenticator), such as a smartphone or computer. The authentication guardianship is with the device, with it using a PIN, pattern, or biometric validation like a fingerprint.

A passkey is like how you would access a bank vault: the public key is the code you tap into the keypad, and the private is the physical key. Unlike with traditional passwords, you don’t have to worry about memorizing anything, and passkeys can’t be guessed. Even if hackers accessed your public key, it would be useless without the authenticator and the means to open it, meaning that passkeys render phishing attacks impossible.

Are passkeys really safe?

Currently, passkeys are the best and most reliable method of authentication and identity verification. However, like everything online, there are still concerns and risks. For example, if a hacker steals your session cookie, he can pose as you for as long as the session is active.

Having your authentication device stolen or losing it can also be serious if it falls into the hands of someone who can unlock it. If no additional authentication factor is set up, the cybercriminal can access your accounts.

Which platforms support passkeys?

While passkeys are slowly gaining traction, they’re still very new, and not many applications or services have adopted them yet. Nonetheless, support is growing, with some companies implementing them alongside passwords to further secure data and familiarize users with it. Companies that already support passkeys include:

  • Adobe
  • Amazon
  • Google
  • PayPal
  • WhatsApp
  • GitHub
  • TikTok
  • Cloudflare
  • eBay
  • Shop by Shopify

For an extensive list of apps, websites, and services that support passkeys, 1Password has developed an extensive and comprehensive directory.

Passwords vs passkeys

Passwords have been around for decades and are still the main authentication mechanism used across the internet. However, getting users to try something new and give up their old habits is always challenging, even if the new approach is more secure. Passwords are easy to guess and steal since most users practice poor password hygiene with short, duplicated passwords across accounts.

Passkeys have their drawbacks, too. They’re a more complex authentication method and only sync across platforms on the same operating system. In addition, only a few renowned services provide passkey support, which may require additional hardware and software. However, even with these shortcomings, passkeys are exceptionally more reliable and convenient. Users don’t need to keep track of multiple passwords or worry about phishing attempts and can log in much faster.

Are passwords going away?

Passkeys are starting to steal the show, but they’re not replacing passwords any time soon. Passkeys are one of the most reliable authentication methods available and are undoubtedly a step forward in cybersecurity. However, we recommend that users get familiarized with passkeys but continue to use their passwords. This is easy since most services still use passwords as an additional authentication method.

However, there is an issue that remains unresolved with passkeys, which is that they are bound to the operating system with which they were created. For example, if you create a passkey with an Android device, you won’t be able to log in using iOS.

Best password managers that support passkeys

At first, passkeys seemed likely to signal the end of password managers since all you need is a device like a smartphone to access accounts. However, password managers now allow users to store and synchronize passkeys, becoming responsible for the authentication process instead of a device.

RoboForm

In September 2023, RoboForm announced users can securely store and use passkeys on any device as long as RoboForm is installed. This bypasses the usual limitation of passkeys, meaning they are no longer restricted to one device.

RoboForm isn’t one of the best password managers out there by chance. It has well-designed apps and browser extensions for most platforms with military-grade AES-256 encryption, cross-device syncing, autofill, password sharing, biometric authentication, and more. Plus, it offers a free forever plan, customer-friendly prices, and a 30-day money-back guarantee.

RoboForm Visit
50% Off
Pros
  • Passkey support
  • Cross-device syncing
  • 30-day money-back guarantee
  • Affordable
Cons
  • Confusing installation process
  • Minimum subscription is one year

NordPass

At the beginning of 2023, highly acclaimed NordPass started allowing users to create and manage passkeys securely from the comfort of their private vault. Plus, users can share them and even have multiple passkeys for the same account.

NordPass also lets users store passwords, personal notes, and credit card details in its secure vault. It uses XChaCha20 encryption, which is one of the fastest and safest algorithms out there. It provides apps and browser extensions for the most common platforms with features like autofill and a password generator. The icing on the cake is its excellent free version, its 7-day free premium trial, and its 30-day money-back guarantee.

NordPass Personal Visit
Free Forever
Pros
  • Passkey support
  • Free version
  • Easy to use
  • Strong security
Cons
  • Few data types
  • Not compatible with Safari

1Password

After trialing passkeys through a private beta version of its browser extension in the middle of 2023, 1Password has since announced full compatibility. The password manager broadens the use of passkeys to cover all devices, as well as letting users manage, create, or share them for short-term access.

1Password provides everything necessary for creating, storing, and managing all types of private information, from logins to medical records. It features end-to-end encryption, a password generator, 2FA, a password strength tool, and more. For those still on the fence, 1Password offers a 14-day free trial of all subscriptions.

1Password Visit
14-Day Free Trial
Pros
  • Passkey support
  • User-friendly interface
  • End-to-end encryption
  • 14-day free trial
Cons
  • Limited subscription options
  • No free plan

Embracing passkeys as the future of authentication

Given the nature of passkeys, it’s logical that they provide a much more secure authentication method than passwords. The mental gymnastics required to remember numerous passwords can be too much, and passkeys are here to help. Thankfully, this means the end to weak combinations like ‘mike1988′, which hugely increases the chance of a security breach.

We still recommend that users take additional precautions by activating MFA for all accounts possible and combining this with single sign-on. Additionally, users should ensure that any passwords they use are strong and do a data breach scan to check for any security incidents.

Passkeys are starting to be accepted by companies and users, but it’s still early days. While passwords will remain the most commonly used authentication method for a while, passkeys provide a significantly more secure and easier way to log in, so it seems it’s only a question of time until they triumph.

User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article
Empower Your Wedding With The Perfect Hashtag
Do you remember the time when # was a simple sign used only in phone menus? The mundane past of the hashtag is now gone, because Twitter came, saw, and turned this barely known sign into a global Internet craze. 
Read article
Recommended Wedding Website Builders for UK Couples
Recommending a wedding website builder for users from a specific country is a bit tricky. On one hand, these companies offer their services internationally and the customization options leave plenty of room for writing the content in ...
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us