Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you

What is a passkey?

The days of remembering a password are on the way out, as your device — phone or computer — become the way to sign in.

We’re not sure we know of anyone who particularly likes the topic of passwords, except maybe people who like breaking them.

Passwords can be a pain in the proverbial. They’re useful, sure, but only properly useful when done right, and unfortunately a “right” password is one that’s complex, individual, distinct and never repeated, and probably impossible to recall.

While good passwords are complex, great passwords can be incredibly difficult to stick in your memory, so it’s no wonder we all struggle and often repeat elements of old passwords. Reusing a password can help make the life of a cybercriminal that much easier, and in turn make our lives subsequently worse.

So what can we do? How can we evolve passwords to the point where they’re better and actually protect us?

From passwords to passkeys

Rather than give you yet another tip on how to make your passwords more complex and difficult for everyone to break, an industry body supported by some of the biggest providers in technology has a different plan.

It’s called a “passkey”, and it’ll be much more convenient for people who struggle with passwords, which is everyone. Instead of an awkward combination of letters, numbers, and punctuation, you can instead use your phone or computer that’s already familiar to you.

Passkeys have big names behind their support, including Google, Apple, Samsung, Microsoft, Qualcomm, Intel, Lenovo, Visa, MasterCard, American Express, and security organisations like Yubico who have been working to secure lives with physical hardware-based passkeys.

The concept of today’s “passkey” isn’t quite like the Yubikey password key Yubico makes, but rather turns your phone or computer (or both) into a virtual handshake for who you are. It’s a form of authentication for the owner of a certain device, which means you reading this on your phone, tablet, or computer.

Where can I find a passkey?

Using a passkey requires a recent phone or computer operating system, so make sure you check if there’s an update for the device you’re using.

In the world of Windows, you’ll need at least Windows 10 and a browser that supports it, such as recent versions of Google Chrome or Microsoft Edge, though more will be coming soon. It’s a similar vibe in macOS, which sees compatibility in macOS Ventura with support in recent versions of Chrome and Safari.

On mobiles, you’ll want at least iOS 16, iPadOS 16, and at least Android 9.

Once you have those, make sure you have the recent updates, and then check if the service you need to login on supports passkeys.

How do I use a passkey?

You might have the hardware and software support on your phone, tablet, or computer, but you’ll also need the passkey support on the services you use. Fortunately, there are a bunch of those, including logins to Apple iCloud, Google, PayPal, and many others.

Using them will often be just as simple as using your device, only instead of asking whether you want to type in a password, they’ll ask whether you want to use a passkey.

When you say yes, make sure you have your phone nearby, and one will work as a form of cryptographic security without really any effort from yourself. A device in your possession acts as the crucial form of security in your life, and sends the message that you are who you are, and that’s it.

And when we say “that’s it”, we mean it.

Are passkeys as strong as passwords?

Passkeys are a form of password-less security, whereby your device acts as your form of identity, encoded with already strong password keys that are in actuality stronger than the passwords you’re making.

That makes passkeys as strong as passwords, if not stronger. We’d definitely say they’re more in the back category, delivering incredibly strong security for a device owner.

What’s more, the login you connect with at a website or service is linked to a device and can’t be phished out, so if you’re using passkeys and are worried about having a scammer pretend to be that service, there’s less of a chance of having login details stolen from you.

Should I switch to passkeys?

If you have it available, switching to passkeys makes a lot of sense, especially if you’re worried about being scammed or having details attacked in a phishing attempt.

Scammers aren’t going to stop doing what they’re doing because it works, with hundreds of millions lost each year. Meanwhile, passkeys will only get more widely used and supported, and now that the technology is available and being used with big services, you can expect more players to jump on the bandwagon and integrate the highly secure technology themselves.

The days of passwords are numbered, and fortunately they won’t need to use that combination of letters and numbers for too much longer. Instead, you’ll be able to rely on your ownership of devices in your life, so keep hold of those like your life depended on it.

Read next