What is a passkey and how does it work?

A passkey combines a public and private key; your unique public key is stored by the website, while your private key is on your device, granting access after your identity is authenticated.

Are passkeys more secure than passwords?

Yes, passkeys are generally considered more secure because they cannot be guessed or shared and resist phishing, while also being immune to server-side data breaches.

What are the risks associated with passkeys?

A risk highlighted by security researchers is cookie hijacking, where malware can steal validated browser cookies to gain undetected access to accounts.

Home / Technology / Passwords Are Dead: Say Hello to Passkeys

Passwords Are Dead: Say Hello to Passkeys

8 Feb

•

Summary

Passkeys offer enhanced security by being unguessable and unsharable.
They resist phishing as they are unique to specific websites.
Passkeys cannot be stolen from company servers during data breaches.

Passwords Are Dead: Say Hello to Passkeys

Traditional passwords, despite being notoriously insecure, continue to be widely used. However, passkeys are emerging as a robust replacement, offering enhanced security. Developed by the Fast Identity Online (FIDO) Alliance, passkeys utilize a combination of public and private keys stored on your devices or password managers, linking access directly to your authenticated identity.

Passkeys provide significant security benefits, being impossible to guess or share. Their uniqueness to specific websites also makes them resistant to phishing attempts. Crucially, in an era of frequent data breaches, passkeys cannot be extracted from company servers, diminishing their appeal to cybercriminals.

While passkeys offer a compelling advance, security researchers highlight that vulnerabilities like cookie hijacking through malware can still compromise accounts. These validated cookies allow criminals to emulate authenticated sessions without needing credentials. Experts advise users to opt for the shortest possible cookie session durations and utilize passkeys or strong passwords to mitigate such risks.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.