If you’re up to speed on the news that support for passkeys is coming later this year, then you likely already know what a passkey is. But how can a passkey help you stay safe online? Let’s take a look under the hood at passkey security, how it works, and how it can protect you against dangerous phishing attacks.
Passkeys are based on strict security standards
Passkeys come in with built-in security advancements that give them a leg up over passwords. For starters, they are based on Fast Identity Online (FIDO) authentication, which is resistant to phishing as well as some other forms of attack, such as credential stuffing. (The FIDO Alliance is an open industry association, established in 2013, that aims to develop and promote authentication standards that help reduce the world’s over-reliance on passwords.)
When you set up a passkey for an account on a website, for example, that passkey is actually composed of a cryptographic key pair. One half of this pair is the public key, which is stored on the website’s side. The other is a private key, which lives on your device. Both of these key pairs rely on the strong user authentication framework of FIDO2, giving you access to some of the most powerful and secure passwordless authentication technology available. They also take advantage of the Web Authentication API, usually known as Webauthn, a core FIDO2 component that many website and app operators already have in place.
The passkey authentication process all happens under the hood, of course, so you won’t actually see it taking place. But one thing you will notice is that each passkey is unique to the app or website it was created for. Because of that, it won’t be possible to re-use one passkey across multiple sites. This means it’s about to get a lot harder for cyber criminals to use stolen credentials to compromise your accounts.
Passkeys will make it easier to protect yourself online
Password hygiene is a real and enduring problem. People have a hard time keeping track of all the passwords they use, so they re-use the same one for multiple websites and apps. If you do this, the good news is that you’re not alone. Password anxiety and fatigue are understandable, and even people who understand the risks often fall into these habits from time to time. The problem is that these behaviors also put your online accounts at grave risk of being attacked or breached.
So are passkeys really better than passwords when it comes to preventing a cyber attack or identity theft? In a word, yes. Each time you create a passkey to log into a website or an app, that passkey is unique to that site or app by default. It’s not possible to re-use a passkey you created for one site at a different site, so you won’t have to worry about bad hygiene compromising your security in the same way.
On top of that, passkeys do all of this without adding to the overwhelm you may already feel when it comes to logging into your online accounts and keeping them secure. In fact, a passkey can streamline the process and make it easier to stay safe on the internet. For example, you can automatically create, store, and use passkeys everywhere you already use LastPass – no matter what device or operating system you happen to be on. Once you’ve created a passkey for a website, LastPass neatly handles the rest for you from behind the scenes. This way, you can just get back to what you were doing instead of wasting time trying to figure out how to log into your account.
Passkeys will strengthen your overall cybersecurity
As major tech companies prepare to roll out support for passkeys, you’ve no doubt heard the buzz about them. The future of cybersecurity is passwordless, and passkeys are going to open the door to that future. What makes passkeys so valuable is that they do a much better job of protecting you from phishing attacks and other cyber threats than passwords.
What’s more, passkeys make it easier for you to do your part in keeping the internet safe. Since you’ll be using a unique passkey for each website or app where you have an account, it won’t be possible to re-use one passkey across multiple sites or apps. And with a password manager automatically filling in your passkeys for you everywhere you go, you will actually find this process convenient.
With these advantages, passkeys stand ready to strengthen your cybersecurity in a significant way. If you haven’t started getting ready to use passkeys, now is an excellent time to get up to speed on how they can make your life safer and easier.
Discover how LastPass enables you to go passwordless.
