Why are they better than passwords?
In the coming months, you will probably change how you sign on to your favorite web sites.
Passkey support is coming to your devices and web sites to provide a sign-on process that is both more secure and more convenient than the familiar but annoying username and password system.
Passkeys were developed and supported jointly by Google, Apple and Microsoft through the FIDO Alliance.
Passkeys are superficially similar to the Logon with Apple or Logon with Google buttons you may have seen on some web sites. Passkeys, however, represent a single, unified standard logon mechanism that a web site can implement once, which then supports all platforms. The buy-in from major tech companies means that passkeys will probably be widely adopted.
This short video from iThemes (2:58) gives a quick overview of Passkeys. Although it is specific to WordPress and iThemes Pro, most of what is described is general-purpose.
This video from the Apple Developer Conference gives a good overview of passkeys in the first 7:30 or so. After that, the video goes deep into developer technical details.
To use passkeys to logon to a site, passkeys must be supported by both the web site and by your device. For a device to fully support passkeys, it must have biometric authentication. On Apple devices, that means Touch ID or Face ID.
However, you can use your phone (which has Touch ID or Face ID) to logon to a web site on a computer that lacks biometric authentication. You will simply scan a QR code presented by the site with your phone, and passkeys can log you in.
Biometric authentication is used only to identify you to your device. Your face or fingerprint is never transmitted to the website or outside your device.
To sign in, you will first enter your username or email address as usual. But, instead of entering a password, you will simply click Login with Passkeys, and your device will log you in securely. Since you don’t have a password, it can’t be stolen, either from you, or from the web site.
Once you have set up a passkey for a site on one of your Apple devices, it will be automatically available on your other Apple devices through iCloud. Remember, that it can only work on newer devices that have Touch ID or FaceID.
At present, there is no way to share passkeys between platforms, so your Passkeys created on an Apple device won’t easily transfer to your Microsoft Windows PC, or vice versa.
PassKeys is already supported in current versions of iOS (iOS 16.x) and MacOS 13 (Ventura). Microsoft’s implementation of passkeys is part of “Windows Hello”.
Right now, just a few web sites support passkeys, but the list is growing.
If you want to try passkeys yourself, there is a demonstration web site which lets you try creating a passkey and logging on with it.
Whatever password manager you are using, don’t get rid of it yet. Some sites will continue to use passwords. Passkeys will work in conjunction with Apple’s own password manager, Keychain. The popular password managers, Bitwarden and 1Password will probably have some sort of support for passkeys in the future.
If you are in the habit of writing your passwords down in a little black book, all you will need to record is the name of the website, your username or email, and “Use passkeys”. Anyone looking at that book would not be able to logon as you, because they won’t have your device or your face or fingerprint.
The same (lack of) information is probably what would be recorded in a password manager app. Again, it’s nice that there is no password for anyone to steal.