Passkeys – a more secure alternative to passwords
More and more online services are offering passkeys as an alternative to traditional passwords. This article explains how to log in without a password and shares tips on how to use passkeys securely.
What are passkeys?
The term passkey is a portmanteau of the words “pass” (in the sense of access) and “key”. So, a passkey is a digital (cryptographic) access key. Strictly speaking, it consists of two keys that need to match: One key is stored on your device (smartphone, tablet or PC), while the other is kept with the online service. You can only log in if both keys match.
What are the benefits of passkeys?
With passkeys, you don’t need to think up, remember or enter a password. This makes them much less vulnerable to phishing attacks, as there are no login details that can be intercepted or entered on fake websites. Passkeys are created automatically and use the unlocking mechanism you already use on your device – for example Face ID, PIN or fingerprint.
How do I use a passkey?
You first need to register once with the relevant online service. During this process, a secret key is stored on your device, and the corresponding key is stored with the online service. Once you’ve set that up, you’ll be able to log in just using your fingerprint or face scan. In the background, the system automatically checks whether the two keys match.
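What this background check can look like, as an added example that is not part of the original article: a simplified model in which the device signs a one-time challenge together with the site address, and the service checks the signature with the key it stored at registration. The class and function names, the user "alice" and the two site addresses are assumptions made for illustration.

```javascript
// Simplified passkey model (constructed example; real WebAuthn messages carry more fields).
const crypto = require('node:crypto');

// Bytes that get signed: the site address plus the service's one-time challenge.
const payload = (origin, challenge) =>
  Buffer.concat([Buffer.from(origin), Buffer.from([0]), challenge]);

class Device {
  constructor() { this.passkeys = new Map(); } // site address -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.passkeys.set(origin, privateKey); // secret key stays on the device
    return publicKey;                      // matching key goes to the service
  }
  // Runs after the user unlocks the device (fingerprint, face or PIN).
  login(origin, challenge) {
    const key = this.passkeys.get(origin);
    if (!key) return null; // unknown site: there is nothing to hand over
    return { origin, signature: crypto.sign('sha256', payload(origin, challenge), key) };
  }
}

class Service {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, response) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is accepted once
    const key = this.keys.get(user);
    if (!challenge || !key || !response || response.origin !== this.origin) return false;
    return crypto.verify('sha256', payload(this.origin, challenge), key, response.signature);
  }
}

function demo() {
  const bank = new Service('https://bank.example');
  const phone = new Device();
  bank.enroll('alice', phone.register(bank.origin));
  const answer = phone.login(bank.origin, bank.newChallenge('alice'));
  const genuine = bank.verifyLogin('alice', answer);
  bank.newChallenge('alice'); // a later login attempt gets a fresh challenge
  const replayed = bank.verifyLogin('alice', answer);
  const lookalike = phone.login('https://bank-login.example', bank.newChallenge('alice'));
  return { genuine, replayed, phished: bank.verifyLogin('alice', lookalike) };
}
```

Calling demo() shows the genuine login being accepted, while a reused answer and a request coming from a lookalike address are both rejected.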
Where do passkeys come from?
Passkeys were developed by the FIDO Alliance, an international industry association backed by a wide range of technology companies, financial institutions, service providers and government bodies. Its aim is to develop secure, passwordless login procedures that work seamlessly across different devices and services.
Five tips for using passkeys securely
- Keep your device secure.
Since passkeys are stored on your device, a strong device lock is essential. Use a secure PIN or biometric protection such as fingerprint or face recognition. If you lose your device, immediately make sure others can’t access it.
- Set up account recovery options.
If you lose or replace a device, you can only regain access to your passkeys if you have recovery options in place – for example a backup or a second device.
- Combine passkeys with additional security features.
Many services offer extra safeguards, such as notifications or two-factor authentication for actions requiring a high degree of security. They provide an additional layer of security.
- Only use passkeys on trusted devices.
Ideally, you should only use passkeys on your own devices. Public or shared devices are not suitable for storing this type of access data long term.
- Stay alert to phishing attempts.
Even though passkeys offer better protection against phishing, it is still important to remain cautious. Only download apps from official app stores and always check a website carefully before entering sensitive data.