On certain websites or applications, are you being asked if you want to create a passkey? In this article I’ll explain what it is and when you may want to use a passkey. To make it shorter, everywhere I say “website”, I really mean any website or application.
Passkeys are not the same as passwords, so please read my article titled “184 million passwords data breach” to understand why you should protect your passwords and what a strong password looks like. Let’s talk about passwords first before describing passkeys.
In most situations, you get to create your own password when creating an account on a website. Imagine your password as a house key that you created. You give a copy of that house key to that website. If a criminal finds your key or the key you gave to the website, the criminal can break into your account. That’s why you need a different key (password) for each website–because if someone has your key they will try it on many websites.
A passkey is not something you personally create or ever get a chance to see. It is a special key created from your biometric information (e.g. your fingerprint, face, etc.) that is already stored into your phone or on a computer that has something like a fingerprint reader.
Without going into the technical details, the passkey is two things: a private key only for you, and a public key for the website. Without the private key, you can’t get into the website. Since you never see the private key, you can’t write it down. The two keys are linked by something called cryptography (cryptography is the process of hiding information).
For Android users, passkeys can be saved in Google Password Manager and for iPhone users, passkeys can be saved in Apple’s Keychain.
Passkeys seem secure and perfect, so what’s the problem?
If I have a passkey saved into my iPhone’s keychain, but I want to log into a website from my Microsoft Windows computer, then I have to install Apple’s “iCloud for Windows” application onto my computer. And it’s even more complicated if I want my husband to be able to use my account on a website, because he doesn’t have my keychain and private key.
I personally use a separate password manager to allow our family to share passwords and passkeys. I’ll discuss password managers in a future article.
Passkeys are much more secure than passwords, but make sure you understand the limitations involved with sharing passkeys between multiples phones and computers. Decide what is best for you and anyone who might need access also.