Passkeys: The future of smart passwords

Passkeys offer a more secure and user-friendly alternative for online authentication. So what are they?

Passwords have become a security nightmare. Easily forgotten, often reused and hacked. Globally, 81% of confirmed breaches in 2022 were due to weak, reused, or stolen passwords. In just the first quarter of 2024, over 1.8 million Australian user accounts were leaked from data breaches. Passwords included.

All that to say, we shouldn’t be overly excited to hold onto using passwords in the future. Password Managers help us generate and store passwords, but there’s one new technology that will take yet another big step towards killing off passwords: Passkeys.

Passkeys offer a more secure and user-friendly alternative for online authentication. So what are they, and how will passkeys help businesses strengthen their cyber security?

What Are Passkeys?

Passkeys are cryptographic alternatives to traditional passwords. They provide more secure and user-friendly authentication. Passkeys use your device's built-in security features, including biometrics (Apple FaceID) or PIN codes, to verify your identity.

The FIDO Alliance, an open industry association with a mission to “reduce the world’s over-reliance on passwords” is developing specifications for secure passkey transfer between devices.

More websites are supporting passkeys, signalling a shift towards ‘passwordless’ authentication.

Advantages for Small Businesses

Passkeys are gaining significant traction in Australia, with both businesses and government agencies recognising their potential to enhance security. Tech giants like Apple, Google, Microsoft, and Samsung also support them. Leading password managers, such as Keeper, are also on board.

Passkeys offer superior protection against cyber threats for two important reasons:

1. Phishing Resistance
   Passkeys are tied to specific websites, making them immune to phishing attacks.

2. No Credential Reuse
   Each passkey is unique, preventing compromised credentials from affecting multiple accounts. (Like having a new credit number for each transaction)

Passkeys also improve user experience and productivity by streaming the login process. Logins are up to 75% faster with passkeys and authentication attempts are more successful than passwords or two-factor authentication.

How to create a Passkey

For ShadowSafe clients using Keeper, here’s how to create and manage passkeys:

To create a Passkey: Visit the "Security" or "Account Settings" screen of a passkey-supported website or application.

To store a Passkey: Keeper intercepts the passkey creation request and offers to save it in your Keeper Vault.

To use your Passkey: You can use passkeys stored in your Keeper Vault across different browsers and operating systems.

To share your Passkey: You can securely share passkeys with team members, like other records in your vault.

For a detailed Keeper Passkey guide with images and video, click here.

Sources:

ZDnet, Cyber Daily Au, Keeper,

Read next: Cyber security fundamentals: Are you covering the basics?