Passkeys Gain Momentum as Pilot Programs Launch

Passkeys Gain Momentum as Major Tech Companies Extend Support

Several major tech companies, including Apple and Google, are extending their support for passkeys, a type of digital credential that enables passwordless authentication through private cryptographic keys. This week, Apple announced an API that will allow passkeys to work with third-party software, and it is expanding support for passkeys on its Safari browser. Google also announced that its passkey authentication is now available in beta to over 9 million organizations with Google Workspace and Google Cloud accounts. Passkeys are faster and more resilient to phishing attacks than traditional passwords, as they use unique private and public keys tied to a specific device, and they rely on biometric identification, such as face or touch ID, instead of passwords.

Passkeys Boost Logins and Security

Passkeys have the potential to speed up logins, as users can authenticate with passkeys in an average of 14.9 seconds, half the time it takes to sign in with passwords, according to data from Google. Passkeys are also more resilient to phishing attacks than SMS, one-time passwords (OTPs), and various other forms of multifactor authentication (MFA) because of the use of unique private and public keys tied to a specific device. Passkeys are resistant to phishing because they rely on biometric identification, instead of passwords. The private key never leaves the device, making it impossible to steal, while the public keys reside on both the device and the application or website.

Apple and Google Extend Passkey Support

Apple’s passkey API will let developers integrate passkeys into third-party apps, including password managers, to share passkeys. In contrast, Google now allows users and administrators of Google Workspace and Google Cloud to log in to their accounts with their passkeys. The company sees passkeys as an easier and more secure form of authentication. Passkey technology is based on the FIDO Alliance spec that implements the World Wide Web Consortium’s (W3C) WebAuthn standard. Several large banks, PayPal, Home Depot, Hyatt Hotels, Intuit, and Shopify are already running pilots with passkeys.

Editorial

Passkeys are a significant leap forward in digital authentication, providing faster and more secure access while also being user-friendly. The Apple and Google announcements, along with those of other major firms like 1Password and Dashlane, indicate that support for passkeys is becoming more widespread. The fact that passkeys are more resilient to phishing attacks and that they are based on the W3C WebAuthn standard should help to encourage their wider adoption. For anyone looking to enhance their online security, passkeys are worth exploring.

Advice

For individuals and businesses who want to try passkeys, the process involves generating a public and private key pair. The private key is stored securely on the user’s device, while the public key is shared with the website or application that authenticates the user. The authentication process involves the user providing their biometric data, such as facial recognition or touch ID, and presenting their key pair to the website or application. Those who have not yet considered passkeys should review the technology and search for third-party password managers that support passkeys to make the switch more convenient. By doing so, they can enjoy more efficient and secure online authentication with an added layer of protection against phishing attacks.