Passkeys: The future of secure, seamless authentication

Article · Feb 5, 2025

Passkeys: The future of secure, seamless authentication

You may have seen the term "passkeys" appearing more frequently in tech news, app updates, and security discussions. Major companies like Apple, Google, and Microsoft are rolling out passkeys as a replacement for passwords, promising both enhanced security and a smoother user experience.

What exactly are passkeys, and why are they considered the future of authentication?

With Password Day coming up this Saturday, it's the perfect time to discuss the future of authentication. Passwords have long been the foundation of online security, but they come with significant downsides: they can be stolen, guessed, or reused across multiple sites. Enter passkeys, a next-generation authentication technology designed to replace passwords entirely with a more secure and user-friendly alternative.

Passkeys leverage public-key cryptography to authenticate users without requiring them to remember or type in a password. Instead, passkeys are stored on a trusted device (like your phone, laptop, or tablet) and are accessed using biometrics (Face ID, fingerprint), a PIN, or other device authentication methods. This means no more passwords to remember, reset, or leak in data breaches.

Check out our recent Webinar where we discuss Passkeys

How do passkeys work?

Passkeys function using a public and private key pair:

• The public key is stored on the website or service you're signing into.
• The private key stays securely on your device and is never shared.

When you log in, the website asks your device to prove that it holds the correct private key. Your device then uses biometric authentication (like Face ID or a fingerprint) to confirm your identity, and the cryptographic exchange verifies you without transmitting a password over the internet. This makes passkeys resistant to phishing, credential stuffing, and brute-force attacks.

Pros of passkeys

1. Enhanced security

• No passwords mean no risk of phishing attacks, password leaks, or brute-force attacks.
• Passkeys are unique for every website, preventing credential reuse across multiple accounts.
• Resistant to man-in-the-middle (MitM) attacks because private keys are never shared.
  
  

2. Seamless user experience

• No need to remember or type passwords-simply authenticate with Face ID, a fingerprint, or a PIN.
• Logging in is faster and easier, especially on mobile devices.
• Syncs automatically across devices when backed up in Apple iCloud Keychain, Google Password Manager, or Microsoft Account.
  
  

3. Built-in multifactor authentication (MFA)

• Traditional MFA often requires entering a one-time passcode (OTP), which can be intercepted.
• Passkeys combine possession (your device) and biometric authentication, making them more secure than passwords + SMS codes.
  
  

4. No centralized password database to hack

Unlike traditional login systems that store passwords in a database (which hackers can breach), passkeys store only public keys on websites, reducing the risk of massive data breaches.

5. Reduced risk of social engineering

• Attackers can't trick users into revealing passkeys like they do with passwords.
• Since passkeys are bound to specific websites, even if a hacker creates a fake login page, they won't be able to use the stolen passkey elsewhere.

Cons of passkeys

1. Device dependency

• Passkeys are tied to your device, meaning if you lose access to your phone or laptop, you could have trouble logging in.
• Solution: Enable cloud backups through iCloud Keychain (Apple), Google Password Manager (Android/Chrome), or Microsoft Account.

2. Not all websites support passkeys yet

• While adoption is growing, not every website or service currently supports passkeys.
• Workaround: You may still need to use passwords for some sites while passkey adoption expands.

3. Migration challenges

• Users switching between ecosystems (Apple to Android or vice versa) may need to manually transfer passkeys.
• Solution: Some platforms allow exporting and importing passkeys, but it's not always seamless.

4. Learning curve for some users

• Users unfamiliar with biometrics, password managers, or cryptographic authentication might find passkeys confusing at first.
• Solution: Tech companies are working on better onboarding experiences to help ease the transition.
  
  

What happens if you lose your phone?

Losing your device when using passkeys can be a concern, but here's how to handle it:

1. Use a backup device

If you've set up passkeys on multiple devices (e.g., phone, tablet, laptop), you can log in using another device.

2. Restore from cloud backup

• Apple, Google, and Microsoft automatically sync passkeys across devices using their respective cloud services.
• When setting up a new phone, simply log into your cloud account to restore access.

3. Account recovery options

• Many services still offer fallback authentication methods, such as email recovery, SMS codes, or backup keys.
• Some sites allow you to generate a recovery passkey during setup-store this in a safe place!

4. Remote device management

If your phone is lost or stolen, use Find My Device (Apple, Google) to remotely wipe or lock it to prevent unauthorized access.

Why you should consider switching to passkeys

1. Stronger security than passwords-no phishing, leaks, or brute-force attacks.
2. Faster logins-just use your fingerprint or face instead of typing passwords.
3. No password resets-forget the frustration of forgetting your credentials.
4. Growing adoption-major companies like Apple, Google, Microsoft, and banks are pushing for passkey implementation.
5. Future-proof-passwords will eventually be phased out, making early adoption beneficial.

Passkeys represent a significant shift in authentication, making online accounts more secure and easier to use. While challenges like device loss and adoption gaps still exist, the benefits far outweigh the drawbacks.

If you haven't tried passkeys yet, consider setting them up on a supported website. As more services move toward this passwordless future, early adopters will enjoy enhanced security and convenience while leaving the hassles of passwords behind.

Author

• Jan 27, 2025

  6 ways to get the most from Data Privacy Week

  Data Privacy Week (Jan. 27-31) is an excellent opportunity to reflect on the importance of protecting one of your most valuable assets: your personal information.

  Read now

  Security

  Data security

• Oct 31, 2024

  Nastiest Malware 2024

  As we look back on the cybersecurity landscape of 2024, it's clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI.

  Read now

  Data security

  Security

  Tech Tips

• Aug 06, 2024

  Back to school with AI

  Artificial intelligence (AI) and chatbots like ChatGPT are transforming the way educators and students approach education. It's not just college students leveraging AI to get ahead; high school and even grade school students are using AI resources for their projects and homework. Students can write essays, get math tutoring help, and even create study plans using these advanced tools.

  Read now

  Tech Tips

  Data security

• Jul 05, 2024

  Celebrating AI Appreciation Day

  Celebrating AI Appreciation Day Mark Your Calendars: AI Appreciation Day on July 16! Every year on July 16, we celebrate Artificial Intelligence (AI) Appreciation Day. This is a perfect occasion to recognize and appreciate the incredible strides made in the field of AI. From simplifying everyday tasks to revolutionizing entire industries, AI has become an integral part of our lives.

  Read now

  Tech Tips

  Cybersecurity

  IT Pros

• Jul 03, 2024

  5 ways to attain compliance with India's Digital Personal Data Protection Act (DPDA)

  We're excited to announce our latest data center is now operational in Mumbai. Our new data center is strategically positioned to serve business across India and SAARC region. It enables businesses to store data locally and enables them to attain compliance with India's Digital Personal Data Protection Act (DPDA).

  Read now

  Data security

• Jun 03, 2024

  Empowering families online: Internet Safety Month strategies

  Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we're taking the best precautions to stay safe online. It serves as a reminder for everyone-parents, teachers, and kids alike-to be mindful of our online activities and to take steps to protect ourselves.

  Read now

  Tech Tips

  Cybersecurity

  Data security

• May 09, 2024

  Key insights from the OpenText 2024 Threat Perspective

  As we navigate through 2024, the cyber threat landscape continues to evolve, bringing new challenges for both businesses and individual consumers. The latest OpenText Threat Report provides insight into these changes, offering vital insights that help us prepare and protect ourselves against emerging threats. Here's what you need to know:

  Read now

  Data security

  Security

• Apr 22, 2024

  Protect your data like a Jedi: Celebrating Star Wars Day with Carbonite

  In a galaxy not so far away, a technology company named after a legendary Star Wars element revolutionized the way we back up our precious digital data. Carbonite, inspired by the iconic substance that encapsulated Han Solo in Star Wars, offers a modern solution for safeguarding our data. This Star Wars Day let's explore how Carbonite's cloud backup services can be your trusted force in protecting your files - just like carbonite preserved a galaxy's most infamous smuggler.

  Read now

  Backup and recovery

  Tech Tips

• Apr 03, 2024

  SMB data security

  Imagine this: You've built your small business from the ground up, pouring your heart and soul into every interaction. And then you wake up one morning to a malware outbreak or a system failure that puts your business and customer data at risk.

  Read now

  Data security

  Cybersecurity

  Security