There’s been a lot of talk lately passkey and their progressive use to replace the password. After all, famous companies such as Apple e Google they have never made a secret of wanting to take this path, to make their users’ devices and data even more secure.
But what is the difference between password and passkey and why are the latter preferred?
Password vs passkey
For non-experts it could be difficult to understand what is the distinction between these two terms, very similar to each other but different in structure.
Wanting to be synthetic, we could say that passkeys are simpler and more convenient than passwords. How do they work? To find out, we must first make a distinction between the two terms.
Norton: Better security for your devices and VPN for online privacy
Password
When we talk about a password we are talking about a secret code which for years has allowed our accounts to remain safe from the bad guys on the web. But is it really so? Not really, however useful passwords have often proved to be half weak to prevent cybercriminals from taking possession of our data.
Of course this doesn’t mean that the password system was badly thought out, it’s just too often that people on the net use it short and short or easy to guess passwords to protect your devices, accounts and data. And just as often they use a single password for everything.
Furthermore, those who fall victim to the notorious phishing attacks discover their side even more, seriously endangering everything they have protected.
Passkey
By contrast the passkeys certainly prove themselves safer and more convenientas to access an account you need a authenticatorwhich can be another device you own.
In fact, when a system protected by a passkey is used, the login attempt requires the user to use the device on which the authenticator was installed.
We often talk about a disposable numeric code produced by the authenticator that the user must enter to log in or, otherwise, using biometric technology.
It therefore appears clear that passkeys are much more secure than passwords: first of all, there is no number, name or anything else we thought we needed to remember, just as the bad guys cannot steal any secret key to use our accounts and data.
Last but not least, passkeys are easier to use, as all you need is an authenticator that can be easily installed on our devices.
Apple and Google in favor of passkeys
Now that we have unraveled the matter and explained the difference between password and passkey, we can move on to the next step.
Will passkeys completely replace passwords? Probably yes, but it is not yet known when. Meanwhile, there are several sites that are focusing on this new protection technology for registered user accounts and even multinationals such as Google and Apple have shown a very strong interest in adopting this system.
Apple introduced the passkey system with iOS 16 and macOS 13thus making access by its users faster and more secure, as the standard on which this technology is based, as already explained a few lines above, it’s at prova di phishing.
Basically in the Apple universe, iPhone or Mac owners have two keys: a public one, stored on the server, and a private one, which is necessary for access and which only the user can know.
It then understands how via the passkey, which are based on standards WebAuthnnot even Apple itself is aware of the codes actually needed to log in, guaranteeing much higher privacy than using passwords.
Last but not least, through passkeys they can synchronize between a user’s devices thanks to the iCloud Keychainitself protected by end-to-end encryption and two-factor authentication.
In Apple’s intentions, therefore, there was a real desire to use passkeys to definitively replace passwords, a road that Google has also decided to take.
In fact, the Mountain View multinational had announced in October the first tests to implement the passkey function in Google Chrome, which actually happened in December 2022 with the M108 version.
Will passkeys become mandatory making passwords obsolete?
As mentioned, it is very probable that in the future passkeys will completely replace passwords, however we are talking about an as yet unspecified time, as this technology is substantially new to most, also born from a joint effort between various companies, including the aforementioned and Microsoftwho have collaborated side by side with FIDO Alliance.
Currently, therefore, users have the option to keep the use of passwords and see the use of two-factor authentication in addition.
However, in case you are a fan of passwords, but at the same time unaccustomed to using an effective secret key, here are some tips you could follow to raise the level of protection of your accounts:
- always use a long password, which contains letters (upper and lower case), numbers and special characters such as an underscore or an ampersand;
- do not use the same password on multiple accounts;
- use a password manager to store them. For example, on the iPhone there is the Password function, which can only be accessed via a numeric code or facial recognition;
- always pay attention to emails. If you think they are suspicious or potentially phishing, do not open them!
- use two-factor authentication whenever possible.
While waiting for the passkey system to become mandatory, always remember to Never underestimate online security, because in addition to your online accounts, it is above all the security of your personal data. In fact, expert hackers could easily access your bank accounts, address and telephone number.
Is it really worth risking all of this, when with a little more forethought we could fend for ourselves?