Passkeys are safer than passwords and increasingly being adopted by Google, Microsoft and others
- Passkeys are a safer and simpler replacement for passwords, which are fraught with security concerns.
- Major companies are increasingly adopting passkeys and Microsoft is ditching passwords altogether.
- Still, more companies need to push passkeys and users need to start using only passkeys for better security.
Passwords may be coming to an end.
Passwords have long faced criticism for their weak security: Data breaches expose billions of passwordsevery year and people often use the same phrases or combinations, such as "admin" or "1234," that can be guessed.
Now, companies are increasingly pushing for users to ditch passwords and switch to passkeys, which are more secure because they arelinked to and stored on devices such as computers or smartphones.
More than 15 billion accounts now have the option to use passkeys, according to FIDO Alliance, an industry cybersecurity group that developed passkeys.
"What is happening for consumers is even though they are under increasing attack, websites are using passkeys to help them sign in securely," Andrew Shikiar, CEO of FIDO Alliance, told ConsumerAffairs.
Microsoft said this yearit would make all new accounts "passwordless by default" and instead have accounts setup passkeys. Google is also encouraging passkeys after a surge of phishing attacks on Gmail.
"Microsoft's leadership on this front is fantastic and will help others follow suit," Shikiar said.
Image via Microsoft.
And more than a dozen big financial companies have also made passkeys available, including American Express, Bank of Americaand Wells Fargo. E-commerce websites, such as Amazon, eBay and Walmart, have also adopted passkeys.
"The results speak for themselves: Time after time, companies report that their customers have a much faster time to sign in," Shikiar said.
How do passkeys work?
Passkeys work by having a private key and public key.
"That means there'sno way to remotely get in," Shikiar said. "You can go steal my public key all you want."
What provides the strong security is the private key, linked to a device, that can be a code, fingerprint or facial recognition.
"Whatever you do to unlock your device is highly secure, personal to you," Shiikiar said. "All of these are highly secure methods."
For instance, Windows 11lets users have a PIN code as their passkey for supported accounts.
And every online account with passkeys has a private keylinked to a device.
But you can safely use the same code, fingerprint or facial recognition for every account since it is stored on your device.
"That's only on your device," Shikiar said.
Password managers, such as 1Password and NordPass, can also manage passkeys for users.
Can passkeys be hacked?
It is very difficult for a bad actor to use a passkey to get into an account.
In theory, a thief could glance over your shoulder to see the code you enter and then steal the device and use the passkey to access accounts. Or a criminal could threaten you to unlock a device with your fingerprint or face.
But this is much harder than a hacker guessing a password or usingone that was exposed in a data breach.
How did passkeys start?
FIDO Alliance, which developed passkeys with other companies, introduced the term in 2022. There are now more than 300 companies involved with FIDO Alliance.
"This really speaks to the magnitude of the problem and the threat presented by passwords that necessitates this level of collaboration," Shikiar said.
Apple was the first major adopter of passkeys in late 2022, when it added them to iOS, the operating system for iPhones and iPads, Shiikiar said.
Apple's passkeys come in the form of the unlock code, fingerprint or facial recognition for an iPhone or iPad, which other companies then can recognize for signing on.
Image via Apple.
In 2023, Google's Android operating system also began supporting passkeys.
"We have more sites thanwe can count supporting passkeys," Shikiar said. "I think that's fantastic progress."
Still, he said there is room to grow and FIDO Alliance doesn't have numbers on the percentage of users only using passkeys.
"We need to make sure that everyone who has the option to use passkeys is using them," Shikiar said. "Furthermore, that people start to eventually delete their passwords altogether."
Sign up below for The Daily Consumer, our newsletter on the latest consumer news, including recalls, scams, lawsuits and more.
Posted: 2025-05-09 17:48:05
