Humans are just not good at keeping secrets.
Decades of warnings about password strength, not sharing your password, and keeping passwords new, fresh, and varied across devices have changed little in our password habits. In 2022, the most popular password was still "123456"! This is a bit unnerving when you consider that over 80% of hacking-driven security breaches can be attributed to weak and stolen passwords (2023 Data Breach Investigations Report).
Big Tech are now taking the responsibility for password security out of the hands of silly humans and getting rid of passwords in favour of the passkey. Google announced in May that they are making passkeys available for their accounts. At the moment, it is a choice: you can stay with your old password system or upgrade. It seems that the passkey is the more secure option for the future, especially when users are holding on to those old, weak ‘password123’ logins!
Passkeys let users sign into apps and sites the same way they unlock their devices: with a fingerprint, a face scan, or a screen lock PIN. Unlike the password, which can be vulnerable to several hacking methods, passkeys are resistant to online attacks like phishing. They also spare the user from forgetting the password and having to go through the whole ‘reset’ process. Passkeys are also more secure than the one-time codes sent by SMS that banks use to verify your identity when signing in. 1Password, the company that specialises in bringing private, secure, and user-friendly password management to private individuals and businesses, has said:
"There’s no such thing as a 'weak' passkey, and they can’t be stolen in a data breach. These passwordless login credentials also speed up the process of signing into your online accounts."
In rolling out passkeys for their accounts, Google state that passwords are no longer sufficient to keep data safe against cyberattacks. This is backed up by statements made by FIDO, the open industry association that is looking to reduce reliance on passwords.
"Last year, FIDO described password-only authentication as 'one of the biggest security problems' on the web. This is because many users end up reusing the same password across multiple services, which can lead to data breaches and account takeovers."
(Are we heading towards a future without passwords?)
The argument that passkeys are easier to use, are safer to use, and will end the era of hackers guessing birthdays and pet names to access your accounts, cash and deepest secrets is quite compelling.
Passkeys can only be created using biometrics, so there is a possibility of problems when verifying your account. To access your account properly, you must make sure your fingers are clean. The same applies to the user's face. Passkeys may be more difficult to use for users with disabilities, for older, less technical users, or indeed for those who choose to use older devices. Changing to passkeys may require upgrading devices, and they may be incompatible with phones etc.
The promise from tech companies is that passkeys are to be shared across devices within each of the big tech companies. This means that if you lose your phone, your passkeys are securely stored (with end-to-end encryption) in the cloud and can then be restored to a new phone.