Passkeys: An Extra-Safe Way to Sign In Without Remembering Complex Passwords
When it comes to online security, most of us rely on passwords and two-factor authentication (2FA). Passwords have been around for over 60 years, but today, they’re just not enough to keep your data safe. They might not be providing the security you think they are.
Passwords are the first line of defense for many accounts, but they have significant drawbacks.
Phishing attacks are becoming more frequent and sophisticated, exploiting the vulnerabilities in password-based security. Here are some startling facts:
- In 2021, over 60% of data breaches involved stolen credentials or phishing.
- Phishing-related data breaches cost organizations an average of $4.91 million in 2022.
- Phishing attacks surged by 61% in 2022, with 255 million incidents in just six months.
Many people use simple, easy-to-guess passwords. Birthdates, names, or even the word “password” itself are common choices.
It’s convenient to use the same password across multiple sites, but it means a breach on one site can compromise several accounts.
Hackers often trick users into giving up their passwords through fake emails or websites. With enough time and computing power, hackers can systematically try every possible combination to crack a password.
Limits of Two-Factor Authentication (2FA)
2FA adds an extra layer of security by requiring something you know (password) and something you have (like a mobile device). However, it’s not foolproof either:
Hackers can convince your mobile carrier to transfer your phone number to a new SIM card, gaining access to your 2FA codes. Even with 2FA, phishing attacks can trick you into giving away your codes.
Passkeys: A Better Option
Enter Google Passkeys—a modern, more secure way to protect your online accounts.
Passkeys are developed by the FIDO Alliance, a group of hundreds of organizations worldwide dedicated to improving online security.
Passkeys make logging in straightforward. No more remembering complex passwords or carrying around a device for 2FA codes.
Instead, you can use your device lock, like your fingerprint, face scan, PIN, or pattern, to sign in. This makes the process four times simpler than using passwords.
Passkeys are incredibly secure. They use advanced cryptography to protect your accounts and are immune to phishing attacks. Hackers can’t guess or reuse them, making it much harder for your information to be compromised.
Your biometric data (like your fingerprint or face scan) is stored only on your personal device and is never shared with Google or any third-party partners. This means your sensitive information remains private and secure.
Device Requirements for Passkeys
To use passkeys, your devices need to meet the following requirements:
Mobile: At least iOS 16 or Android 9.
Computer: At least macOS 13 or Windows 10/11 23H2+.
How to Create Passkeys
Setting up passkeys is simple. Here’s how you do it:
1. Go to g.co/passkeys or open “Manage Google Accounts” on your phone.
2. Enter your password to verify your identity.
3. On the next page, you’ll be asked to create a passkey. Click “Continue.”
4. Follow any prompts and use the biometric method your device asks for.
5. Once completed, a passkey will be created for that device.
How Do Passkeys Work
Passkeys use a pair of keys: a public key stored on the server of the website you’re logging into and a private key stored on your device.
Signing In: When you try to log in, the website sends your device a one-time challenge.
Verification: You’re prompted to unlock your device (using fingerprint, face scan, etc.), which lets the device sign the challenge with your private key.
Secure Login: The website verifies the signature with your public key. If it checks out, you’re logged in, and your private key and biometrics stay secure on your device.
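The sign-in steps above as a runnable Node.js sketch, added here as an example and not code from Google or the FIDO Alliance. It shows why a signature made for a look-alike site or for an old challenge is rejected. The function names, the simplified authenticator data, and the sites accounts.example and accounts-example.test are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
const b64 = (buf) => buf.toString('base64url');

// Setup: the device creates a key pair; only the public key goes to the website.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side, after the user unlocks it. The browser (not the page) records
// which origin asked for the signature, and that record is part of what is signed.
function deviceSign(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge: b64(challenge), origin }));
  const authData = sha256(new URL(origin).hostname); // simplified: site hash only
  const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), device.privateKey);
  return { clientData, authData, signature };
}

// Server side: check challenge and origin, then verify with the stored public key.
function serverVerify(server, expected, response) {
  const client = JSON.parse(response.clientData.toString());
  if (client.challenge !== b64(expected.challenge)) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (!response.authData.equals(sha256(new URL(expected.origin).hostname))) return 'site hash mismatch';
  const signed = Buffer.concat([response.authData, sha256(response.clientData)]);
  return crypto.verify('sha256', signed, server.publicKey, response.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { device, server } = register();
  const origin = 'https://accounts.example'; // constructed site name
  const challenge = crypto.randomBytes(32);
  const good = deviceSign(device, challenge, origin);
  // Same challenge, but the signature was requested by a look-alike origin.
  const lookalike = deviceSign(device, challenge, 'https://accounts-example.test');
  return {
    genuine: serverVerify(server, { challenge, origin }, good),
    phished: serverVerify(server, { challenge, origin }, lookalike),
    // An old response presented against a fresh challenge.
    replay: serverVerify(server, { challenge: crypto.randomBytes(32), origin }, good),
  };
}

console.log(demo());
```

Real passkeys go one step further than this sketch: the device only offers a passkey to the site it was created for, so a look-alike site normally gets no signature at all.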
By using passkeys, you can ensure a smoother, more secure login experience without the hassle and vulnerabilities of traditional passwords and 2FA.