You probably have online accounts with many companies — and have a long list of passwords to show for it. However, this situation can pose a security risk. For example, at least a few of those passwords could be easily guessable, or might not have been changed for years.
Cue the recent emergence of passkeys, which are stored on devices rather than in online accounts. To log into a website with a passkey, you can use a PIN (personal identification number), a swipe pattern or biometric authentication, such as fingerprint or face scanning.
Overall, passkeys are appreciably easier, quicker and more secure to use than passwords. However, before anyone can use a passkey to ‘unlock’ a website, that site will need to have been updated with support for passkeys. Should you add this support to your own website?
The technical nitty-gritty of how passkeys work
A passkey is, at its heart, a lengthy string of encrypted characters saved to a specific device. However, when you log in with this passkey, that string will not be shared with the website.
Instead, the device will simply report to the website that the authentication process has happened on the user’s side. In response, the site will use a key of its own — a ‘public’ key, compared to the ‘private’ key that is the passkey — to let the user enter.
In May 2022, tech titans Apple, Google and Microsoft confirmed that they were working together to expand passkeys support across a wide range of operating systems and web browsers.
It does bear emphasis that the onus is on webmasters updating their websites to accept passkeys for user login purposes. However, it has become increasingly easy for someone to use a passkey stored on one device to get into a website loaded on another device.
You would therefore have good reason to set up a passkey on your smartphone, given how often you would have this with you anyway. Then, when you want to log into a desktop website, you could do so with the passkey attached to the phone.
Would passkeys support be warranted for your website?
While it is possible for hackers to guess or steal passwords, these same people would not be able to use a passkey without physical access to the device on which it is kept.
Furthermore, with big names in the tech space now encouraging passkeys adoption, it could be only a matter of time before they are used widely.
Admittedly, it could be years yet before passkeys essentially supplant passwords in mainstream adoption. However, by adding passkeys compatibility to your website now, you can help to future-proof it as well as portray your brand as very much forward in its thinking.
You wouldn’t necessarily have to manually add that feature yourself, either — as you could instead trust our web designers with making you a passkeys-ready website.
In putting together that website for you, we can also make sure it continues to leave password entry as a login option for the time being.