Original Post: What Are Passkeys and Why Are They Important? | NordPass
As the digital world continues to expand and evolve, the need for secure authentication has become more critical than ever. Enter passkeys – a modern solution for secure authentication that provides a safer and more convenient way to access apps and websites.
Today we will delve into the world of passkeys, explaining what they are, how they work, and why they're the future of online security.
Passkeys explained
Essentially, passkeys are a new, more secure and convenient way to sign up for and access apps and websites. Cybersecurity experts tout passkeys as an authentication technology set to replace passwords.
Tech giants such as Apple, Microsoft, and Google are working on passkeys and aiming to make their platforms and accounts password-free. The decision is also expected to be taken up by other members of the FIDO Alliance, which is the driver behind passkey technology, and other companies around the globe.
When passkeys become the dominant authentication method, you will be able to sign up and access online services the same way you unlock your phone — via biometrics. No longer will you need to create, remember, and type out passwords.
Sounds awesome? Well, because passkeys are seriously awesome. Let’s have a peek at how to use passkeys in the real world.
Sign-up experience
Say you need to sign-up for a new online service that supports passkeys. All you need to do is add your email or username and confirm the prompt to create a passkey. Here’s how the sign-up process works with passkeys:
Login experience
Now that you’re signed-up for an online service with a passkey, logging in is quick, easy and secure. All you need to do is tap the suggested passkey for that account and you are logged in.
How do passkeys work?
Understanding passkeys and how this technology works can be somewhat tricky, mostly because passwords have been an integral part of our digital lives for so long. So first let’s recap the old and familiar before getting into passkeys. By the end we should understand the whole passkeys vs. passwords deal and why passkeys are the way of the future.
Password technology explained
Passwords — we know them all too well, and most of us have some idea of how they work. But let’s quickly recap.
Password-based authentication is relatively simple and straightforward. Say you create a password for a new online account. That password is then stored in an encrypted format on a server. When you use the password to access that account, the system compares the password you enter with the one in its database. If the two match — you’re good to go.
Simple, right? Well the catch is that this kind of user authentication presents quite a few serious security concerns. People tend to reuse simple and easy-to-crack passwords for multiple accounts, which is a hacker's dream — crack a single account and you have access to a person's entire digital life. Databases that store passwords can be breached. In fact, Verizon’s Data Breach Report notes that up to 80% of successful breaches are attributed to weak or stolen passwords.
Passkey technology explained
You can think of passkeys as a new and improved type of password. Both are used to verify a user’s identity upon sign up and login. However, the technology behind passkeys operates in a different way.
Whenever you sign up for an online service which supports passkey authentication, two keys are generated — public and private, both of which are used to authenticate the user when logging in.
The public key is stored in the website’s server, while the private key is stored on your device, whether it’s a phone, tablet, desktop, or laptop. Without each other the two keys are useless.
Upon logging in, the server sends a request to your device, and that request is then answered by a related passkey. The user’s identity is also verified on the device level via biometrics. Finally if the pair of keys match you’re granted access to your account.
Passkeys are widely considered to be a more secure and convenient form of authentication compared to passwords, as they reduce the risk of forgetting or reusing passwords. Passkeys are also resistant to phishing attacks as they can’t be stolen from your device by a third-party.
Store passkeys with NordPass
All NordPass users now have the ability to store and manage passkeys in NordPass and use them to access apps and websites. NordPass syncs your passkeys across all of your devices as well as operating systems and enables you to safely share passkeys whenever needed. It is important to note that sharing passkeys is not as easy with alternative systems as it is with NordPass.
At the moment, NordPass Passkeys is available on the desktop app, web vault, as well as on Firefox and Chrome-based browser extensions, while the support for the Safari extension is coming later this year.
As for mobile support, the ability of third-party apps like NordPass to manage passkeys for their users hinges on platform vendors as they need to provide APIs for this purpose. Google recently announced that they will enable third-party apps to manage passkeys on Android by August 2023. We remain positive that other major vendors will provide the same capability in the near future.
If you have more questions about how passkeys work in NordPass, please visit our Help Centre article or contact us at support@nordpass.com.
NordPass Passkeys is just the tip of the iceberg. At the moment, we’re working on a separate service platform, which aims to leverage our expertise in order to help online businesses and other online service providers to integrate the support of passkey authentication. We’re also working on a Passwordless MFA for business, which will allow organizations to authenticate their employees’ endpoint devices and single sign-on applications using only biometrics.
So stay tuned, 2023 will be big for passwordless authentication here at NordPass.