Whether you love or hate Google, it’s indisputable that the search and advertising giant has a massive influence on the technology we use. The company’s push to make passkeys the default method for signing on to its many services is the next step in an industry-wide push to make passwords a thing of the past.
At a recent security conference where I was MC, David Luchi – the Head of Information Security for Wesfarmers OneDigital – said that he worked on the assumption that all passwords, regardless of their strength, complexity or how often they were rotated, were compromised. That meant he made certain assumptions about his firm’s security posture. It’s this same thinking that sits behind passkeys.
What are passkeys?
As I’ve mentioned before, passkeys replace passwords with cryptographic keys that are secured with tools such as fingerprints, facial scans or PIN codes. With a passkey, your password is never actually exchanged with the app or service you’re connecting to. The app or service gets an encrypted code that passes a simple yes/no test. If it’s a valid key, the user gets in.
What makes passkeys strong isn’t just that they are encrypted – most passwords are encrypted when stored and sent. Passkeys are generated when they are needed and are not reused. If you use a passkey to log into iCloud now and then log in again in a few minutes, a new passkey is sent. So, even if a threat actor was able to intercept a passkey, they can’t reuse it.
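The replay resistance described above comes from a challenge-response exchange: the service issues a fresh random challenge for each sign-in and the device signs it with a private key that never leaves the device. The Node.js sketch below is an added example, not code from any vendor's passkey implementation; `registerPasskey`, `Server`, `signChallenge` and `demo` are hypothetical names, and the exchange is simplified from WebAuthn.

```javascript
// Added example: simplified passkey-style sign-in. Not the real WebAuthn message
// format; it omits origin binding, authenticator data and signature counters.
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair. The private key stays on the
// device (unlocked by fingerprint, face or PIN); the server stores the public key.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, publicKey };
}

// Hypothetical relying party that tracks the challenges it has issued.
class Server {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.pending = new Set(); // challenges issued but not yet answered
  }

  // A fresh random challenge for every sign-in attempt.
  issueChallenge() {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }

  // The yes/no test: the challenge must be one we issued and have not yet
  // consumed, and the signature must verify under the stored public key.
  verify(challenge, signature) {
    if (!this.pending.delete(challenge.toString('hex'))) return false;
    return nodeCrypto.verify('sha256', challenge, this.publicKey, signature);
  }
}

// Device side: sign the server's challenge with the private key.
function signChallenge(device, challenge) {
  return nodeCrypto.sign('sha256', challenge, device.privateKey);
}

// Constructed walk-through: one genuine login, then two reuse attempts.
function demo() {
  const { device, publicKey } = registerPasskey();
  const server = new Server(publicKey);
  const c1 = server.issueChallenge();
  const captured = signChallenge(device, c1);
  const first = server.verify(c1, captured); // genuine login
  const replay = server.verify(c1, captured); // same message sent again
  const stale = server.verify(server.issueChallenge(), captured); // old signature, new challenge
  return { first, replay, stale };
}
```

Only `first` succeeds: the captured response is bound to a challenge the server has already consumed, so sending it again, or presenting it against a later challenge, fails the check.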
iOS 17, iPadOS 17 and macOS Sonoma. And with Google now enforcing it across all its services, we can expect things to transition towards passwordless authentication.
Microsoft also supports passkeys which means the most commonly used end-user computing platforms all support this more secure authentication method.
What does this mean for users?
There are three things I think we need to consider.
- Passkeys will improve security by making credential theft much harder for criminals.
- Password management will become much simpler for users as they won’t need to remember complex passwords.
- There will be some transitional pain as websites and apps are redesigned and while users learn to use a new system or process for accessing apps and websites.
I believe the benefits that the first two points offer greatly outweigh the challenges of the third point.
From an uptake perspective, the deployment of any new standard is dependent on the support of both the supply and demand side of a market. A scan of the security industry reveals there are dozens of companies trying to crack the safe authentication code – systems that are secure but don’t add unnecessary friction to the user experience. Passkeys are a path to a secure, passwordless future.
With credential theft the most commonly used and potent tool in the digital criminal’s toolkit, passkeys will make the hacking of services and personal accounts much harder.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.