Everyone is familiar with passwords. For decades, these character strings have safeguarded our crucial digital data and accounts.
However, after countless data breaches and decades of using traditional passwords, it seems nothing has changed: far too many individuals continue to use their dog's name or child's birthdate as their password for everything. Some people (most people) have even written their important passwords down on a Post-it note kept by the computer.
When creating an online account these days, you are often required to establish stronger (i.e., more sophisticated) passwords. Modern password requirements include greater character counts with both capital and lowercase letters, digits, and special characters. Additionally, more websites (but sadly, not nearly enough) are adding stronger encryption to the back end. Stronger back-end encryption means that, in the event a breach does occur, hackers would essentially be left with a massive blob of encrypted (unreadable) data that would take eons to decipher.
Savvy users are now choosing to activate two-factor authentication (2FA), which verifies that you are the one attempting to access your account. After you correctly enter your password, your phone or email is pinged with a second code that you must enter before login is complete.
However, 2FA enhancements to passwords aren't foolproof. Anyone who has experienced SIM-jacking will tell you that 2FA is not a guarantee, as it assumes you have complete control over your messaging accounts. Furthermore, if you fall for a social engineering attack (beware the apparent kindness of strangers) or phishing fraud (unknowingly inputting your credentials into a false website), all of your efforts to protect yourself online, including using VPNs, anti-malware programs, and 18-character randomly generated passwords, will be for nothing.
A passkey is a type of digital identity that is linked to your account on a certain website or application. Even though it sounds like a password, there's a crucial difference: passkeys are bilateral authenticators. This means passkeys consist of two distinct parts: a public key that is owned by the website or application and a private key that is kept locally on your device. These two keys couple together and grant you access to your account when you log in with a passkey.
Because passkeys are encrypted keys living on your personal device, rather than on servers, they are much more secure than typical passwords. Additionally, they can be used in conjunction with biometrics, like fingerprint or facial recognition, to start the login process, just like passwords. Even if a hacker managed to get their hands on your device, they would still need your biometrics in order to access any accounts, which is far more difficult than brute forcing a standard password.
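To make the two-key idea concrete, here is a simplified model of a passkey login, added as an illustration (it is not code from this article or from any vendor). Real passkeys follow the WebAuthn/FIDO2 standard, which signs more data than this sketch does; the site name, the look-alike origin and all function names are hypothetical.

```javascript
// Added illustration, not the article's or any vendor's code. Real passkeys
// follow the WebAuthn/FIDO2 standard; this is a simplified model of the idea.
const crypto = require('node:crypto');

// Registration: the device makes a key pair and hands the site only the public key.
function registerPasskey(site) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  site.publicKey = publicKey;      // kept by the website
  return { privateKey };           // never leaves the device
}

// Login step 1: the site issues a fresh random challenge.
function newChallenge() {
  return crypto.randomBytes(32).toString('base64url');
}

// Login step 2: the device signs the challenge plus the origin the browser is really on.
function deviceSign(device, challenge, originSeen) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin: originSeen }));
  return { clientData, signature: crypto.sign('sha256', clientData, device.privateKey) };
}

// Login step 3: the site checks origin, challenge and signature with the stored public key.
function siteVerify(site, expectedChallenge, response) {
  let data;
  try { data = JSON.parse(response.clientData.toString('utf8')); } catch { return false; }
  if (data.origin !== site.origin || data.challenge !== expectedChallenge) return false;
  return crypto.verify('sha256', response.clientData, site.publicKey, response.signature);
}

// Constructed scenario: hypothetical site and look-alike phishing origin.
function demo() {
  const site = { origin: 'https://bank.example' };
  const device = registerPasskey(site);

  const c1 = newChallenge();
  const legit = siteVerify(site, c1, deviceSign(device, c1, site.origin));

  // User is lured to a look-alike page that relays the real site's challenge.
  const c2 = newChallenge();
  const phished = siteVerify(site, c2, deviceSign(device, c2, 'https://bank-login.example'));

  // A captured response is replayed against a later challenge.
  const old = deviceSign(device, c1, site.origin);
  const replayed = siteVerify(site, newChallenge(), old);

  return { legit, phished, replayed };
}
```

Only the genuine login verifies. The response produced on the look-alike origin and the replayed response are both rejected, and nothing the site stores can be used to log in elsewhere.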
The majority of large digital companies, including Google, Apple, and Microsoft, have embraced passkey authentication techniques; however, millions of websites currently lack the infrastructure to do so. In an effort to "reduce the world's reliance on passwords," the IT industry consortium called the FIDO Alliance is working to standardize passkeys.
Assuming you have a current smartphone that supports biometric logins, you can experiment with passkeys on a handful of non-critical accounts to see how they work. If you’re comfortable with how that goes, you can start moving to passkeys across the rest of your digital services where they’re supported and say goodbye to passwords.
Passkeys are also extremely useful to organizations, not just individuals. Implementing stronger security, while also streamlining logins for employees and customers, is becoming increasingly important as we enter a new online era where passwords no longer promise protection.
To learn more about passkeys and how you can get started, reach out to sales@txsystems.com or view our FIDO page.