Date First Published: 6th January 2024
Topic: Cybersecurity
Subtopic: Security Mechanisms & Technologies
Article Type: Computer Terms & Definitions
Difficulty: MediumDifficulty Level: 6/10
Learn about what a passkey is in this article.
A passkey is an authentication technology that allows users to authenticate without a password. Passkeys are tied to a specific account and are only stored on the device, so they cannot be intercepted by attackers. For example, passkeys may allow users to log into websites and apps with a biometric sensor, PIN, or pattern.
Passkeys generate a special key and send it to the website you are trying to visit when you unlock the device with your face, fingerprint, or personal identification number (PIN). You will then be logged in without the need to enter your login credentials or biometric data, or have them sent over an insecure Wi-Fi connection.
Two cryptographic keys (one private key stored on the device and one public key stored on the server of the website or service for the account) are generated when first creating a passkey for an account. The user's device receives a mathematical challenge from the server, which it then solves using the private key and an algorithm. The device sends that information back to the server, which uses the public key to verify it. Neither the server nor the user's device ever holds both keys.
For example, when logging in to a website on a computer that someone does not normally use, the login screen on the website may have a QR code to scan with a phone that has passkey technology enabled. With Bluetooth enabled on the phone and the phone within Bluetooth frequency range, a push notification will be received to use biometric identification or a PIN. Afterwards, the website will enable the user to log in.
Passwords have become an inconvenience for users. Users sometimes fail to remember passwords, choose weak passwords, and fall for phishing scams. They can also be stolen by keyloggers, data breaches, and other security holes. Passkeys prevent these types of security issues. For example, passkeys cannot be stolen as easily as the data is stored on a device rather than a server and the attackers need access to the fingerprint, facial ID, or PIN to gain access. Overall, passkeys are more secure than passwords and provide a better user experience, but passwords remain the standard authentication method.
Not all operating systems and applications support passkeys and they can be awkward at times. For example, moving to a different operating system or device is harder when using passkeys. It is unlikely that users will be forced to use passkey technology, but more websites and apps will provide it as an option in the future.
If so, it is important that you tell me as soon as possible on this page.
Network Services Network Setups Network Standards Network Hardware Network Identifiers Network Software Internet Protocols Internet Organisations Data Transmission Technologies Web Development Web Design Web Advertising Web Applications Web Organisations Web Technologies Web Services SEO Threats To Systems, Data & Information Threats To Individuals Security Mechanisms & Technologies Computer Hardware Computer Software Ethics & Sustainability Legislation & User Data Protection
