As the digital world continues to expand and evolve, the need for secure authentication has become more critical than ever. Enter passkeys – a modern solution for secure authentication that provides a safer and more convenient way to access apps and websites.
Today we will delve into the world of passkeys, explaining what they are, how they work, and why they're the future of online security.
Essentially, passkeys are a new, more secure and convenient way to sign up for and access apps and websites. Cybersecurity experts tout passkeys as an authentication technology set to replace passwords.
Tech giants such as Apple, Microsoft, and Google are working on passkeys and aiming to make their platforms and accounts password-free. The decision is also expected to be taken up by other members of the FIDO Alliance, which is the driver behind passkey technology, and other companies around the globe.
When passkeys become the dominant authentication method, you will be able to sign up and access online services the same way you unlock your phone — via biometrics. No longer will you need to create, remember, and type out passwords.
Sounds awesome? Well, because passkeys are seriously awesome. Let’s have a peek at how to use passkeys in the real world.
Say you need to sign-up for a new online service that supports passkeys. All you need to do is add your email or username and confirm the prompt to create a passkey. Here’s how the sign-up process works with passkeys:
What Is a Passkey?
Now that you’re signed-up for an online service with a passkey, logging in is quick, easy and secure. All you need to do is tap the suggested passkey for that account and you are logged in.
Watch how to log in to NordPass Passkey
How do passkeys work?
Understanding passkeys and how this technology works can be somewhat tricky, mostly because passwords have been an integral part of our digital lives for so long. So first let’s recap the old and familiar before getting into passkeys. By the end we should understand the whole passkeys vs. passwords deal and why passkeys are the way of the future.
Password technology explained
Passwords — we know them all too well, and most of us have some idea of how they work. But let’s quickly recap.
Password-based authentication is relatively simple and straightforward. Say you create a password for a new online account. That password is then stored in an encrypted format on a server. When you use the password to access that account, the system compares the password you enter with the one in its database. If the two match — you’re good to go.
Simple, right? Well the catch is that this kind of user authentication presents quite a few serious security concerns. People tend to reuse simple and easy-to-crack passwords for multiple accounts, which is a hacker's dream — crack a single account and you have access to a person's entire digital life. Databases that store passwords can be breached. In fact, Verizon’s Data Breach Report notes that up to 80% of successful breaches are attributed to weak or stolen passwords.
Passkey technology explained
You can think of passkeys as a new and improved type of password. Both are used to verify a user’s identity upon sign up and login. However, the technology behind passkeys operates in a different way.
Whenever you sign up for an online service which supports passkey authentication, two keys are generated — public and private, both of which are used to authenticate the user when logging in.
The public key is stored in the website’s server, while the private key is stored on your device, whether it’s a phone, tablet, desktop, or laptop. Without each other the two keys are useless.
Upon logging in, the server sends a request to your device, and that request is then answered by a related passkey. The user’s identity is also verified on the device level via biometrics. Finally if the pair of keys match you’re granted access to your account.
Passkeys are widely considered to be a more secure and convenient form of authentication compared to passwords, as they reduce the risk of forgetting or reusing passwords. Passkeys are also resistant to phishing attacks as they can’t be stolen from your device by a third-party.
Passkeys technology explained
Store passkeys with NordPass
All NordPass users now have the ability to store and manage passkeys in NordPass and use them to access apps and websites. NordPass syncs your passkeys across all of your devices as well as operating systems and enables you to safely share passkeys whenever needed. It is important to note that sharing passkeys is not as easy with alternative systems as it is with NordPass.
We’re excited to let you know that with the release of iOS 17, passkey storage is now available on NordPass app for iOS devices. This is a monumental step for us, ensuring that you, our users, enjoy a seamless experience across all platforms and devices.
In addition to mobile access, you can also reach your passkeys on NordPass via the desktop app, web vault, Firefox, and Chrome-based browser extensions. We're also thrilled to share that support for the Safari extension is on the priority list and will be launched later this year.
Password managers are highly reliant on platform vendors when it comes to passkey technology. Therefore, we welcome the latest move from Apple because it serves as a huge milestone in replacing passwords with more advanced online authentication solutions. With tech giants allowing third-party integrations, internet users will get more user-friendly services and, as a result, will be more keen to stick to using passkeys
- Sorin Manole,
Product Strategist @ NordPass