One Tech Tip: Replacing passwords with passkeys for an easier login experience

Date:

Share post:


LONDON — If you’re tired of memorizing passwords, then give passkeys a try.

You might have noticed that many online services are now offering the option of using passkeys, a digital authentication method touted as an easier and more secure way to log in. The passkey push started gaining major momentum after Google started accepting them about 18 months ago.

Passkeys are seen as eventual replacements for passwords, but if you’re still not sure what they’re all about, read on:

Forget about memorizing an optimized 14 character password consisting of letters, numbers and symbols. Passkeys do away with that because you never need to see them. Instead you are using existing biometrics like your face or fingerprints, digital patterns or PINs to access your accounts.

Passkeys are made up of two parts of a code that only makes sense when they’re combined, kind of like a digital key and padlock. You keep half of the encrypted code, typically stored either in the cloud with a compatible password manager or on a physical security dongle. The other half is stored on the participating apps, services or accounts you want to access.

When you want to log in to your Gmail account, for example, both parts of the code will then communicate directly with each other and give you entry.

A passkey won’t work with any website except the one it has been created for, eliminating the security risks associated with traditional passwords.

That means bad actors carrying out phishing scams won’t be able to trick you into entering your details into a copycat login page for your bank. And because passkeys use cryptographic security, they also can’t brute force their way into your account by trying passwords exposed in previous data breaches or guessing them.

Some 20% of the world’s top 100 websites now accept passkeys, said Andrew Shikiar, CEO of the FIDO Alliance, an industry group that developed the core authentication technology behind passkeys.

Passkeys first came to the public’s attention when Apple added the technology to iOS in 2022. They got more traction after Google started using them in 2023. Now, many other companies including PayPal, Amazon, Microsoft and eBay work with passkeys. There’s a list on the FIDO Alliance website.

Still, some popular sites like Facebook and Netflix haven’t started using them yet.

Passkey technology is still in the “early adoption” phase but “it’s just a matter of time for more and more sites to start offering this,” Shikiar said.

I tried setting up passkeys for some of the major online services I use. It was fairly easy for some but confusing for others. Shikiar said his group is constantly working on ways to improve the user experience.

Google users can go to myaccount.google.com and under “How to sign in to Google”, click Passkeys and security keys. Upon reaching the setup screen, I received a prompt to create a passkey while simultaneously my password manager’s browser plug-in popped up offering to save it. I clicked to confirm and the setup work was all done automatically.

So far, pretty easy.

Then, I tried adding more Google passkeys to my Windows-based work laptop and a Yubico physical security key. This time, when I got to the Google setup screen, it asked for my existing passkey to confirm my identity. But then it somehow failed to authenticate through my password manager.

I tried again using other verification methods, including my Google authenticator app that I already had on my iPhone, and it eventually succeeded.

Setting up a passkey on LinkedIn was easy, though it involved running through some menus.

When I attempted to set up a passkey for my WhatsApp account, I discovered I had, apparently, already created one months earlier when I activated the app lock feature requiring a fingerprint scan.

There was more friction with my PayPal account because passkeys work on the app but not on some browsers, like Firefox. After setting one up, I also found the login process wasn’t smooth.

Amazon provided the smoothest experience. But when I tried to login with my Amazon passkey, it asked for a one-time verification code from my authenticator app, which confused me because I thought passkeys were supposed to eliminate the need for multi-factor authentication.

Shikiar said it depends on the site, but, in theory, the passkey already has enough protection built in.

“When the primary factor’s un-phishable, other factors aren’t necessary,” he said.

If you’ve lost the device containing your passkey, that doesn’t necessarily mean it’s gone. That’s because the typical method to store passkeys on phones is a cloud-based password manager from Apple, Google, or third-party providers. So just log back into the password manager from another phone or computer.

Passkeys stored on security dongles, on the other hand, aren’t synced to the cloud so there’s no way to recover them if they’re lost. It’d be a good idea to get a second hardware key and keep it as a backup.

And don’t forget you can always mix both cloud and hardware methods to keep multiple passkeys for extra redundancy.

Based on my experience, setting up a passkey can be easy, or tedious and bewildering, depending on the service and what other security technology you want to layer in.

So I wouldn’t recommend doing all your accounts right away.

Instead, choose a few of your most important and frequently used services or accounts and focus on a proper setup for those.

In theory, you could delete your old passwords. Some services like Microsoft already offer this option. Shikiar says it should be a “personal preference,” because “some people may feel extremely nervous” about going passwordless.

It’s fine to keep your password but make sure there’s also multi-factor authentication set up for it, he said.

___

Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Latvia charges 2 Lithuanians for counterfeiting Ariel laundry products in organized criminal venture

HELSINKI -- Latvian police said Thursday that criminal proceedings have been initiated against two Lithuanian citizens suspected...

Number of Americans filing for unemployment falls to lowest level in 6 months

The number of Americans applying for unemployment benefits fell to the lowest level in six months last...

Ford agrees to pay penalty to US government for moving too slowly on recalls

DETROIT -- Ford Motor Co. will pay a penalty of up to $165 million to the U.S....

Veteran NBC host Craig Melvin tapped to replace Hoda Kotb for the first hours of 'Today' show

NEW YORK -- Veteran NBC host and news anchor Craig Melvin has been tapped to replace Hoda...

EU slaps Meta with a nearly 800 million euro fine for engaging in 'abusive' Marketplace practices

LONDON -- European Union regulators hit Facebook parent Meta with a fine of nearly 800 million euros...

Disney Q4 bolstered by strong results from streaming, 'Inside Out 2' and 'Deadpool & Wolverine'

Disney's fourth-quarter adjusted profit beat Wall Street's expectations, bolstered by strong results from its streaming service and...

South African government says it won't help 4,000 illegal miners inside a closed mine

JOHANNESBURG -- South Africa's government says it will not help 4,000 illegal miners inside a closed mine...

Food aid interventions can curb climate change-induced hardship. But should they do more?

CHIPINGE, Zimbabwe -- Gertrude Siduna appears to have little appetite for corn farming season.Rather than prepare her...