Passwords continue to be both a major weakness for organizational security and a headache for users. Managing numerous complex passwords can be difficult even with the help of tools such as password managers, and despite safeguards such as Multi-Factor Authentication (MFA), passwords and MFA tokens can still be phished.
PassKeys are rapidly seeing adoption across many organizations and service providers as a means of tightening security. PassKeys work by generating a cryptographic key to use as the sign-in method instead of relying on traditional passwords. This enhances security on the account by eliminating the password entirely. Since there is no longer a password on the account, common phishing tactics are eliminated as the attacker cannot retrieve a password from the victim.
There are multiple ways to configure a PassKey. If the application or service you are using supports them, you will have the option to use this method when signing up or when changing the login information on an existing account. You will then be asked to select your authentication method, which can be your smartphone, a hardware token, or a password management app. Once the PassKey has been configured, the next time you attempt to log in you will simply be prompted to authenticate the session using your device's biometrics, such as a fingerprint reader or Face ID. This decreases the time it takes to log in, improves security on the account through biometric authentication, and, importantly, removes the password entirely, which helps against account compromises.
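The key-based sign-in described above can be modelled in a few lines. This is an added example, not code from any PassKey implementation: it is a simplified model rather than the real WebAuthn message format, and the function names and the `bank.example` origins are assumptions made for illustration.

```javascript
// Simplified model of PassKey sign-in (illustrative, not the WebAuthn wire format).
const crypto = require("node:crypto");

// Authenticator (phone, hardware token or password manager): creates a key pair.
// The private key never leaves the authenticator; the site stores the public key.
function createPasskey() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// At login the authenticator signs the server's random challenge together with
// the origin the browser is actually connected to.
function signAssertion(privateKey, browserOrigin, challenge) {
  const clientData = JSON.stringify({
    origin: browserOrigin,
    challenge: challenge.toString("base64url"),
  });
  const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server: checks origin, challenge freshness and signature. No secret is stored.
function verifyAssertion(server, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.origin !== server.origin) return "wrong-origin";
  if (data.challenge !== server.pendingChallenge.toString("base64url")) return "stale-challenge";
  const ok = crypto.verify("sha256", Buffer.from(assertion.clientData),
                           server.publicKey, assertion.signature);
  return ok ? "ok" : "bad-signature";
}

function demo() {
  const { publicKey, privateKey } = createPasskey();           // registration
  const server = { origin: "https://bank.example", publicKey, pendingChallenge: null };
  const results = {};

  server.pendingChallenge = crypto.randomBytes(32);            // normal login
  const good = signAssertion(privateKey, "https://bank.example", server.pendingChallenge);
  results.legitimate = verifyAssertion(server, good);

  server.pendingChallenge = crypto.randomBytes(32);            // user is on a lookalike site
  const relayed = signAssertion(privateKey, "https://bank-login.example", server.pendingChallenge);
  results.relayedFromLookalike = verifyAssertion(server, relayed);

  results.replayed = verifyAssertion(server, good);            // old assertion, new challenge
  return results;
}

console.log(demo());
```

Unlike a password or a one-time code, nothing the user produces on a lookalike page is accepted by the real site, and a captured response cannot be reused for a later login.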
Many organizations are working towards a future where passwords are eliminated entirely due to the security vulnerabilities tied to them. Microsoft, for example, has been pushing towards passwordless login for a few years with solutions such as Windows Hello. This effort will continue to expand rapidly, which is why it is important to familiarize yourself with PassKeys and ideally enable them as soon as possible.