Man authenticating with passkey

Passkeys - do they spell the end for Passwords?

In the ever-evolving landscape of digital security, the concept of usernames and passwords has become as ubiquitous as the internet itself. As more aspects of our lives move online, protecting our accounts with these traditional credentials, and trying to remember them, has become part of our daily ritual. However, the complexity of managing passwords and the increasing sophistication of cyber threats have prompted the emergence of a new player in the security game – the passkey.

So what is wrong with usernames and passwords?

Usernames and passwords have long been the gatekeepers to our digital lives. When you sign up for an online service or platform, you create a unique a password in combination to access your account. This two-step authentication process aims to verify your identity and ensure that only authorized users can access personal information, sensitive data, or online services.

The problem with this system is that only a single ‘secret’ is required for a hacker to impersonate a user. Even when used in combination with multi-factor authentication, the secret is stored in session information on the device. Equally, credentials need to be stored and processed by online platforms and credential databases are rich targets for hackers.

What is a Passkey how does it differ from a Password?

Enter the passkey – a fresh take on the traditional password that is being driven by Webauthn. While both serve the purpose of securing your accounts, passkeys offer a new approach to authentication. Unlike passwords, which are often strings of characters, numbers, and symbols, passkeys are a long and complex authentication key that is typically generated as a combination of words, phrases, or images. The main difference lies in the method of authentication; passkeys use cryptographic techniques (public and private key pairs) to create a unique identifier that is stored in the device, making them less susceptible to common hacking methods like brute force attacks. When used in combination with personal devices, such as smartphones, they create a very secure form of authentication that is close to impossible to compromise.

Why are Passkeys important?

Passkeys bring an added layer of security to the authentication process. They reduce the risk of unauthorized access by creating a more complex and dynamic identification method. Additionally, passkeys can be easier for users to remember, eliminating the need for complex combinations of characters. This simplicity can lead to better user compliance with security measures, ultimately reducing risk and improving a business’ security posture.

Which platforms currently support Passkeys?

The adoption of passkeys is gradually gaining momentum, with major tech players recognizing their potential benefits. Platforms such as Microsoft and some online banking services have already integrated passkey authentication options. As technology continues to advance, we can expect more services to follow suit, offering users the option to enhance their security with this innovative approach.

Should I switch to using Passkeys today?

The decision to switch to passkeys depends on your priorities and the level of security you desire. If you have an online platform that would benefit from an extra layer of protection and currently supports the convenience of this easier-to-remember authentication, making the switch might be worthwhile. However, it's essential to consider the compatibility of passkeys with the platforms you use regularly, as widespread adoption is still in its early stages.

Summary of Passkeys and the future outlook

In summary, passkeys offer a promising alternative to traditional passwords, providing enhanced security and ease of use. While their adoption is not yet universal, it's likely that more platforms will incorporate passkey options as the technology matures. As we navigate an increasingly digital world, the evolution of authentication methods, such as passkeys, signals a positive step towards a more secure and user-friendly online experience.

If you would like to find out more about Passkeys and how they can help your business, please feel free to get in touch with us today.

James Naylor

James Naylor is ITbuilder's Managing Director and Founder. He has worked in technology since the early nineties and, after a decade in the corporate world, went into business himself.

James has lead ITbuilder for over two decades, building the business into the force that it is today, but is still a technician at heart and still very hands on with tech.

Despite growing up in Hertfordshire, James lives in the Netherlands for five years as well as London, before returning and setting up the base in Hertford, where he lives today.

More articles from

Back to Blog