What is a passkey, and should you use one?
Tired of juggling countless passwords? Passkeys are your ticket to a stress-free digital life
What is a passkey? It’s a fair question, especially if you’ve stumbled across the term during your online adventures. You’ve probably even noticed the option pop up on some of your favourite sites. But what exactly is it? How does it work? And should you be ditching your trusty old passwords in favour of this newfangled tech? We’ve got the full lowdown below…
Oh, and while you’re here, why not check out our guide to the best laptops? After all, you’ll need something to log into with your shiny new passkeys, won’t you?
What is a passkey?
In short, a passkey is a digital credential that’s tied to your account, specific website, or app. Think of it as a super-secure, impossible-to-guess password that you don’t even need to remember. In other words, passkeys are designed to make your online life both easier, and safer. What’s not to love?
Unlike traditional passwords, which can be leaked, guessed, or stolen, passkeys use fancy public-key cryptography to keep your accounts locked up tighter than Fort Knox. The best part? You don’t need to rack your brain trying to remember a complex string of characters — your device’s biometric security (think fingerprint or face recognition), or PIN, does all the heavy lifting.
How do passkeys work?
When you create a passkey, your device generates a unique public-private key pair. The public key is sent to the website or app, while the private key stays safely tucked away on your device. When you want to log in, the site sends a challenge to your device, which your private key then signs. It’s essentially a super-secure digital handshake that proves that you’re you, without ever revealing any sensitive info in the process.
That last bit is particularly clever, as your biometric data never leaves your device. So when you use your fingerprint or face to unlock a passkey, you’re not beaming your fingerprints or face across the internet — you’re just giving your device permission to use the passkey instead. Clever stuff.
Why should you care?
Because passwords are about as much fun as a root canal. They’re hard to remember, easy to crack, and if you’re using the same one everywhere (tut tut), a single breach could leave you exposed to all manner of nefarious characters.
By using a passkey, for example, you no longer have to try and remember if your password is Cat4PrimeMinister123! or Cat4PrimeMinister321! Also, since passkeys are tied to specific sites, even the craftiest of cybercriminals can’t trick you into using your passkey on a fake site.
They’re convenient too — most passkey systems will sync your keys across your devices, so you’re not left high and dry when switching from your phone to your laptop. And, even if a site you use gets hacked, the hackers will only receive a useless public key for their troubles. Your private key stays safe and sound on your device.
Which services use passkeys, and should you use them?
The passkey revolution is already well underway, with big names like Google, PayPal, eBay, and Amazon jumping on board. Even if your favourite sites haven’t adopted passkeys yet, it’s only a matter of time before they join the party.
As for whether you should use them? Yes. Passkeys are safer, easier, and frankly, less hassle than old-school passwords. With all that said, however, we’re still in a transitional phase. Not every site supports passkeys yet, so you’ll need to keep some passwords around for a while. But whenever you see the option to create a passkey, go for it. Your future self will thank you when you’re effortlessly logging into accounts without wracking your brain for that elusive password.
- Read more: How to access your computer remotely