There are a number of steps you can take to beef up your password security, of course. First, you can use a complex and unique password for each of your accounts, making sure to never reuse a password. A well-made password can be impossible for a human to guess, and virtually impossible for a computer to guess. But even if a company loses your password in a data breach, using two-factor authentication (2FA) can protect you further. Without a trusted device that either generates or receives a 2FA code, your password becomes essentially useless to hackers. And since you didn’t repeat passwords, they can’t try it on your other accounts. That’s what makes this combo a winning strategy.
Passkeys are a (relatively) new authentication method that offer a similar experience to passwords without actually involving a password of any kind. The measure relies on something called public key cryptography: When you create a new account with a passkey, or you create a passkey for your existing account, a “key pair” is generated. One of these keys is public, and is stored by the company that runs the account in question. This key is not a secret, and, theoretically, could be stolen or lost in a breach. However, the other key is a secret. This private key is stored on your device–such as a smartphone, tablet, or computer—and is what is used to actually authenticate your identity.
Your passkeys are securely stored on your devices, typically in a “vault” such as a keychain or password manager. Apple generates and stores passkeys in iCloud Keychain, for example. If you use a password manager, like Bitwarden or 1Password, you can create and store passkeys there. Any device that has access to that password manager can then also access the passkey for authentication.
Are passkeys secure?
The short answer? Yes. Passkeys are an extremely secure authentication method. While they're way more secure than passwords, they're even more secure than 2FA. 2FA is great, and certainly better than using a password alone, but it is possible for attackers to steal the authentication codes—especially when these codes are SMS-based. This can be as sophisticated as hacking into the platforms that send your codes, or as simple as a phishing scheme: Scammers can pose as representatives of the account in question, and trick you into sharing your 2FA codes with them. As such, 2FA, while secure, has an inherent phishing flaw.
One of the most common concerns regarding passkeys is what happens when you lose the device the passkey is stored on. After all, if the secret key is kept only on your smartphone, what happens if it is lost, stolen, or breaks?
But more importantly, you don’t need to keep your passkeys to just one device. There are secure protocols that allow you to sync your passkeys between different devices. For example, if you create a passkey on your iPhone, iCloud Keychain securely syncs that passkey to your other connected Apple devices as well, such as an iPad and Mac. That way, when you want to log into your account on any of these devices, the option to authenticate with your passkey will be available on any—you just need to use Face ID, Touch ID, or present your PIN, and you’re in.
Can you export passkeys?
That doesn't mean you need to keep this service forever, however: You can set up new passkeys for existing accounts on other services, so you can securely get rid of your old passkey devices. However, make sure to keep the old device until you have the passkey established on a new one. If something goes wrong, and you're not able to set up a new passkey on another device, you'll need the old device to confirm your identity—unless you have an alternative authentication option, like a password.
Passkeys aren't perfect: In practice, they can be a bit complicated, especially when working across different devices. But at their best, they offer both convenience and security. If you aren't particularly tech savvy, or if you're not totally entrenched in one tech company's ecosystem, it might be a bit too early to go all-in on passkeys. But passkeys can keep your accounts safe and secure, so long as you understand these other weaknesses.
Hence then, the article about what are passkeys and who should be using them was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( What Are Passkeys, and Who Should Be Using Them? )
Also on site :