Passkeys: A Simpler and Safer Way to Log In
Remember when passwords were simple? Maybe your dog’s name, or your birthday? Your phone number? Unfortunately, those days are gone. Hackers have become incredibly clever, and simple passwords won’t protect your accounts anymore. But wait! There’s a new, easier, and much safer way to log in, and it’s called a passkey.
The Problem with Passwords
We’ve all been there: forgetting a password, struggling to create a “strong” one with random letters and symbols, or worrying about a data breach where our passwords might be stolen. The truth is, passwords have several weaknesses:
Even “strong” passwords can be vulnerable to sophisticated hacking techniques.
Many of us (most of us) use the same password for multiple websites, meaning if one site is compromised, all our accounts are at risk.
Phishing scams and counterfeit websites can fool us into giving away our passwords.
Passkeys: A Simpler and Safer Way to Log In
Imagine logging into your favorite website or app simply by using your fingerprint, face scan, or PIN on your phone or computer. That’s the magic of passkeys.
How Do Passkeys Work?
Instead of a password you type in, a passkey creates a unique digital “key” for each website or app. This key is stored securely on your device (like your phone or computer) and is tied to that specific website.
When you create an account or enable passkeys, the website generates two keys: a public key and a private key. The public key stays with the website. The private key stays on your device, protected by your fingerprint, PIN, or face ID. When you log in, your device verifies your identity (fingerprint, PIN, face scan, etc.) and uses the private key to prove to the website that you’re you. No password to type, and no chance of someone stealing it.
Passkeys are more secure because:
- You don’t have to create or remember complex passwords.
- Since there’s no password to type, phishing scams become much less effective.
- Each passkey is unique, so even if one website is compromised, your other accounts are safe.
- Passkeys use advanced encryption, making them much harder to crack and much stronger than traditional passwords.
- Passkeys are stored locally on your device (computer, phone, tablet), meaning they are not being stored on a company’s server, where they could be stolen in a data breach.
- Most passkey systems offer cloud syncing, so if you get a new phone or computer, your passkey can safely transfer over.
How to Use Passkeys
Many popular websites and apps are starting to offer passkey support. Look for options like “passkeys,” “security keys,” or “biometric login” in your account settings.
Follow the website’s instructions to create a passkey. This usually involves verifying your identity with your device’s fingerprint, face scan, or PIN.
The next time you log in, you’ll be prompted to use your passkey. Simply verify your identity, and you’re in!
Will Passkeys Completely Replace Passwords?
While passkeys are a significant step forward, they will take time to replace passwords completely.
Some people are reluctant to try new technology, and not all websites and apps currently support passkeys.
As more and more companies embrace passkeys and as people realize how secure and easy to use they are, it is very likely that passwords will become less and less common and passkeys will become the primary way to log into online accounts in the future.
Passkeys offer a simpler, safer, and more convenient way to log in. They eliminate the hassle and risks of passwords and provide much stronger protection against hackers.
So, next time you see the option to use a passkey, give it a try. You might just find you never want to type another password again!
Can you have passkeys on two devices for the one website/ acoount?
Yes, you can! In fact, having your passkey available on multiple devices is one of the best ways to ensure you don’t get locked out of your accounts.
I was prompted to setup Passkey, I clicked YES and was ask to login in to Google.
is this correct? I stopped the process waiting for your reply before i proceed further with Passkey activation.
Doug
Yes. Google needs you to verify you’re who you say you are before setting up Passkey for you.
A couple of sites I use often tell me that I have discarded my passkey. How do I reinstate a deleted/discarded passkey? And if a site doesn’t offer me the option of using a passkey is there a way of enabling one?
Hi Leslie,
Passkeys are still relatively new, and the messages websites give us can be a bit confusing. When a site says a passkey has been “discarded,” it usually just means the “handshake” between your computer and the website’s server has been broken.
How to “Reinstate” a Passkey
Technically, you don’t “undelete” a passkey like a file in the Recycle Bin. If a site says it’s gone, the easiest thing to do is simply create a new one. You should log in to the website using your old-fashioned password (or a code sent to your email). Once logged in, go to your Account Settings or Security page. Look for a section called “Passkeys,” “Security Keys,” or “Passwordless Sign-in.” Delete any “old” or “broken” passkeys listed there and click “Create a Passkey.” This creates a fresh, new digital “key” that will work immediately.
Why did this happen to you? Well, sometimes passkeys get “discarded” if you clear your browser’s security data, if you changed your device’s PIN/Fingerprint, or if you recently moved to a new computer.
I hope this helps you, Leslie