One Tech Tip: Replacing passwords with passkeys for an easier login experience

Date:

Share post:


LONDON — If you’re tired of memorizing passwords, then give passkeys a try.

You might have noticed that many online services are now offering the option of using passkeys, a digital authentication method touted as an easier and more secure way to log in. The passkey push started gaining major momentum after Google started accepting them about 18 months ago.

Passkeys are seen as eventual replacements for passwords, but if you’re still not sure what they’re all about, read on:

Forget about memorizing an optimized 14 character password consisting of letters, numbers and symbols. Passkeys do away with that because you never need to see them. Instead you are using existing biometrics like your face or fingerprints, digital patterns or PINs to access your accounts.

Passkeys are made up of two parts of a code that only makes sense when they’re combined, kind of like a digital key and padlock. You keep half of the encrypted code, typically stored either in the cloud with a compatible password manager or on a physical security dongle. The other half is stored on the participating apps, services or accounts you want to access.

When you want to log in to your Gmail account, for example, both parts of the code will then communicate directly with each other and give you entry.

A passkey won’t work with any website except the one it has been created for, eliminating the security risks associated with traditional passwords.

That means bad actors carrying out phishing scams won’t be able to trick you into entering your details into a copycat login page for your bank. And because passkeys use cryptographic security, they also can’t brute force their way into your account by trying passwords exposed in previous data breaches or guessing them.

Some 20% of the world’s top 100 websites now accept passkeys, said Andrew Shikiar, CEO of the FIDO Alliance, an industry group that developed the core authentication technology behind passkeys.

Passkeys first came to the public’s attention when Apple added the technology to iOS in 2022. They got more traction after Google started using them in 2023. Now, many other companies including PayPal, Amazon, Microsoft and eBay work with passkeys. There’s a list on the FIDO Alliance website.

Still, some popular sites like Facebook and Netflix haven’t started using them yet.

Passkey technology is still in the “early adoption” phase but “it’s just a matter of time for more and more sites to start offering this,” Shikiar said.

I tried setting up passkeys for some of the major online services I use. It was fairly easy for some but confusing for others. Shikiar said his group is constantly working on ways to improve the user experience.

Google users can go to myaccount.google.com and under “How to sign in to Google”, click Passkeys and security keys. Upon reaching the setup screen, I received a prompt to create a passkey while simultaneously my password manager’s browser plug-in popped up offering to save it. I clicked to confirm and the setup work was all done automatically.

So far, pretty easy.

Then, I tried adding more Google passkeys to my Windows-based work laptop and a Yubico physical security key. This time, when I got to the Google setup screen, it asked for my existing passkey to confirm my identity. But then it somehow failed to authenticate through my password manager.

I tried again using other verification methods, including my Google authenticator app that I already had on my iPhone, and it eventually succeeded.

Setting up a passkey on LinkedIn was easy, though it involved running through some menus.

When I attempted to set up a passkey for my WhatsApp account, I discovered I had, apparently, already created one months earlier when I activated the app lock feature requiring a fingerprint scan.

There was more friction with my PayPal account because passkeys work on the app but not on some browsers, like Firefox. After setting one up, I also found the login process wasn’t smooth.

Amazon provided the smoothest experience. But when I tried to login with my Amazon passkey, it asked for a one-time verification code from my authenticator app, which confused me because I thought passkeys were supposed to eliminate the need for multi-factor authentication.

Shikiar said it depends on the site, but, in theory, the passkey already has enough protection built in.

“When the primary factor’s un-phishable, other factors aren’t necessary,” he said.

If you’ve lost the device containing your passkey, that doesn’t necessarily mean it’s gone. That’s because the typical method to store passkeys on phones is a cloud-based password manager from Apple, Google, or third-party providers. So just log back into the password manager from another phone or computer.

Passkeys stored on security dongles, on the other hand, aren’t synced to the cloud so there’s no way to recover them if they’re lost. It’d be a good idea to get a second hardware key and keep it as a backup.

And don’t forget you can always mix both cloud and hardware methods to keep multiple passkeys for extra redundancy.

Based on my experience, setting up a passkey can be easy, or tedious and bewildering, depending on the service and what other security technology you want to layer in.

So I wouldn’t recommend doing all your accounts right away.

Instead, choose a few of your most important and frequently used services or accounts and focus on a proper setup for those.

In theory, you could delete your old passwords. Some services like Microsoft already offer this option. Shikiar says it should be a “personal preference,” because “some people may feel extremely nervous” about going passwordless.

It’s fine to keep your password but make sure there’s also multi-factor authentication set up for it, he said.

___

Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Penn State wins trademark case over retailer's use of vintage logos, images

WILLIAMSPORT, Pa. -- Penn State has won a closely watched trademark fight over an online retailer's use...

What you need to know about the proposed measures designed to curb Google's search monopoly

U.S. regulators are proposing aggressive measures to restore competition to the online search market after a federal...

Average rate on a 30-year mortgage in the US rises to highest level since July

The average rate on a 30-year mortgage in the U.S. edged closer to 7% this week as...

The biggest remaining unsanctioned Russian bank hit with U.S. sanctions, nearly three years into war

WASHINGTON -- Russia's third largest bank, Gazprombank and its six foreign subsidiaries were hit with U.S. sanctions...

Kenya cancels airport and energy deals with Adani group after the U.S. indicts the tycoon

NAIROBI, Kenya -- Kenya’s president said Thursday he has cancelled multimillion-dollar airport expansion and energy deals with...

North Korea and Russia agree to expand their economic cooperation

SEOUL, South Korea -- North Korea and Russia reached a new agreement for expanding economic cooperation following...

Stock market today: Asian shares mostly slip despite Nvidia's solid earnings report

TOKYO -- Asian shares were mostly lower on Thursday after a mixed close on Wall Street, with...

Feds outline 'necessary steps' for Colorado River agreement by 2026 but no recommendation yet

LAS VEGAS -- Federal water officials made public on Wednesday what they called “necessary steps” for seven...