As the digital world continues to expand and evolve, the need for secure authentication is more critical than ever. Enter passkeys – a modern solution for secure authentication that provides a safer and more convenient way to access apps and websites without ever having to remember or type out a password. Today, we’re looking into the world of passkeys, explaining what they are, how they work, and why they're considered the future of authentication.
What are passkeys?
Essentially, passkeys are a new, phishing-resistant, and convenient way to sign up for and access apps and websites. At its core, a passkey is a digital login credential that uses your device—be it a phone, laptop, tablet, or desktop—to authenticate you instead of a traditional username and password combination. Cybersecurity experts tout passkeys as the authentication technology set to replace passwords.
Tech giants such as Apple, Microsoft, and Google are working on passkeys and aiming to make their platforms and accounts password-free. The decision is also expected to be taken up by other members of the FIDO Alliance, which is the driver behind passkey technology, and other companies around the globe.
When passkeys become the dominant authentication method, you will be able to sign up and access online services the same way you unlock your phone — via biometrics. No longer will you need to create, remember, and type out passwords.
Sounds awesome? That's because passkeys are seriously awesome. Let’s take a look at how to use passkeys in the real world.
Sign-up experience
Say you need to sign up for a new online service that supports passkeys. All you need to do is add your email or username and confirm the prompt to create a passkey.
Login experience
Now that you’re signed up for an online service with a passkey, logging in is quick, easy, and secure. All you need to do is tap the suggested passkey for that account and you are logged in.
How do passkeys work?
Understanding passkeys and how this technology works can be somewhat tricky, mostly because passwords have been an integral part of our digital lives for so long. So first let’s recap the old and familiar before getting into passkeys. By the end we should understand the whole passkeys vs. passwords deal and why passkeys are the way of the future.
Password technology explained
Passwords — we know them all too well, and most of us have some idea of how they work. But let’s quickly recap.
Password-based authentication is relatively simple and straightforward. Say you create a password for a new online account. That password is then stored in an encrypted format on a server. When you use the password to access that account, the system compares the password you enter with the one in its database. If the two match — you’re good to go.
Simple, right? Well, the catch is that this kind of user authentication presents quite a few serious security concerns. People tend to reuse simple and easy-to-crack passwords for multiple accounts, which is a hacker's dream — crack a single account and you have access to a person's entire digital life. Databases that store passwords can be breached. In fact, Verizon’s Data Breach Report notes that up to 80% of successful breaches are attributed to weak or stolen passwords.
Passkey technology explained
You can think of passkeys as a new and improved type of password. Both are used to verify a user’s identity upon sign up and login. However, the technology behind passkeys operates in a different way.
Whenever you sign up for an online service which supports passkey authentication, two keys are generated — public and private, both of which are used to authenticate the user when logging in.
The public key is stored on the website’s server, while the private key is stored on your device, whether it’s a phone, tablet, desktop, or laptop. Without each other, the two keys are useless.
Upon logging in, the server sends a request to your device, and that request is then answered by a related passkey. The user’s identity is also verified on the device level via biometrics. Finally, if the pair of keys match, you’re granted access to your account.
Passkeys are widely considered to be a more secure and convenient form of authentication compared to passwords, as they reduce the risk of forgetting or reusing passwords. Passkeys are also resistant to phishing attacks as they can’t be stolen from your device by a third party.
What sites and apps support passkeys?
Unsurprisingly, passkeys are gaining a lot of traction. Major websites, services, and apps that already support passkey-based authentication include Apple, Amazon, Adobe, Coinbase, eBay, GitHub, Google, LinkedIn, Microsoft, Nintendo, PayPal, Shopify, Sony, TikTok, WhatsApp, X, Yahoo, and quite a few others.
In the next couple of years, we can expect to see most companies pivot to passkey-based authentication, not only to make things easier for their users but also to improve the overall security for all involved parties.
Will passkeys replace passwords?
Well, all signs point to that! Due to the convenience and security provided by passkeys, the era of passwords may soon be over. However, before it happens, major platforms, services, and apps must introduce passkeys as the authentication method.
In NordPass, the passwordless future has already begun. We’re ready and determined to make your transition from passwords to passkeys as smooth and easy as possible.
Store passkeys with NordPass
All NordPass users now have the ability to store and manage passkeys in NordPass and use them to access apps and websites. NordPass syncs your passkeys across all of your devices as well as operating systems and enables you to safely share passkeys whenever needed. It is important to note that sharing passkeys is not as easy with alternative systems as it is with NordPass.
We’re excited to let you know that with the release of iOS 17 and Android 14, passkey storage is now available on NordPass apps for both iOS and Android devices. This is a monumental step for us, ensuring that you, our users, enjoy a seamless experience across all platforms and devices.
In addition to mobile access, you can also reach your passkeys on NordPass via the desktop app, web vault, Firefox, and Chrome-based browser extensions. We're also thrilled to share that support for the Safari extension is on the priority list and will be launched later this year.
Besides allowing you to store passkeys, NordPass also helps businesses enable this new and more secure passwordless authentication on their websites and apps via Authtopia by NordPass – a solution designed to allow developers of any skill level to easily implement pre-existing code and enable the passkeys widget in their service.
Password managers are highly reliant on platform vendors when it comes to passkey technology. Therefore, the move from Apple and Google serves as a huge milestone in replacing passwords with more advanced online authentication solutions. With tech giants allowing third-party integrations, internet users will get more user-friendly services and, as a result, will be more keen to stick to using passkeys.
Sorin Manole
Product Strategist @ NordPass
If you have more questions about how passkeys work in NordPass, please visit our Help Centre article or contact us at [email protected].
FAQ
Passkeys were developed by the FIDO (Fast IDentity Online) Alliance, a consortium of companies and organizations committed to creating secure and easy-to-use authentication standards. Apple, Google, Microsoft, and a number of other tech giants are a part of the FIDO Alliance and have worked on the development of passkey technology.
To start using passkeys, follow these steps:
Ensure your device supports passkeys. Most modern smartphones, tablets, and computers do.
Enable passkey support in your device settings.
When creating a new account or logging in to a supported service, select the option to use a passkey.
Follow the on-screen instructions to create or use your passkey.
Passkeys are stored securely on your device and are typically managed by your device's operating system. On Apple devices, passkeys can be found in the newly released Passwords app. On Android devices, passkeys are usually managed via the Google Password Manager.
Passkeys offer better security because they are impossible to steal and are phishing-resistant. One of the key benefits that passkeys provide is a quicker, simpler, and safer way to access your accounts. However, the main drawback is that passkeys are device-dependent, making recovery challenging if you lose the device associated with the passkey.
Passkeys do not expire. However, the associated service using the passkey might require periodic re-authentication or updates.