The average individual has 100 passwords to remember, according to a NordPass study. Apparently, no one has studied how many we actually remember versus how many we reset over and over. No matter. New developments could save us from having to remember passwords altogether, as major players are moving to a single passkey sign-on approach.
What is passkey sign-on?
Apple, Google, and Microsoft have joined forces to support “passwordless” sign-in across all their mobile, desktop, and browser platforms. The initiative, announced in May to coincide with World Password Day, is expected to roll out in 2022/23.
What does passkey login involve? Users choose a physical device to use to authenticate them on apps, websites, and other digital services. For many of us, this would be a mobile phone. You’d unlock the phone as you normally do. Then, you could enter a PIN, draw a pattern, or use your fingerprint to sign into the digital services you need.
To put it simply, it’s a four-stage process:
- You navigate to the site or app or service you want to use.
- You approve access using your passkey device.
- A public passkey (mirroring the private one on your device) is shared.
- Login is completed.
You don’t need a password, because the login is done using a cryptographic token (the passkey). Your selected device shares that passkey with the website, app, or other online services.
Advantages of the passkey
Using a passkey means you need to remember only the one PIN or pattern to unlock access … or have fingertips! And you don’t have to come up with a complicated passphrase either, which means no more frustrating upper and lowercase character, number, and symbol combo.
The passkey sign-in method is touted as more secure. Passwordless authentication makes it more difficult for hackers to compromise login details. After all, they would need access to the physical device you use to access digital services, apps, and websites.
You keep personal information safe and cut password vulnerabilities that plague us today:
- Phishing attacks, which use fake websites to capture login details, won’t work.
- Brute-force attacks, which use trial and error to guess credentials, won’t get anywhere.
- Spoofing your device will no longer work, as the passkey device must be near the computer.
Another plus? Passkey security is being set up to offer multi-device authentication. You’ll be able to sign in to an app or service from almost any device, and it won’t matter what platform or browser you’re using. So, you could sign in to Google Chrome and run Microsoft Teams using your iPhone, for instance.
Making the most of multi-factor authentication
Passkey security will use a FIDO standard to authenticate you in different contexts. This is a passkey protocol already supported in some online environments, but major players are now coming together to make it more widespread.
With a passkey that is unique to you, you’ll no longer have to worry about keeping track of multiple passwords.
Still, until this technology is available, you’ll want to protect your online activity. Our experts can help secure your home networks and set you up with a password wallet. Contact us today at (515)422-1995.