Home / Technology / Passkeys: The Future of Secure Login is Here
Passkeys: The Future of Secure Login is Here
22 Mar
Summary
- Passkeys are tied to devices, making them harder to guess or share.
- They resist phishing by being unique to specific websites.
- Validated browser cookies can still be hijacked by malware.
The era of traditional passwords may be ending with the rise of passkeys, a more secure login method developed by the FIDO Alliance. Unlike passwords, passkeys are linked to your devices, making them virtually impossible to guess or share. They also offer robust protection against phishing attempts due to their site-specific nature.
Passkeys cannot be stolen from company databases, a significant advantage in an age of frequent data breaches. Companies like Microsoft and Amazon are actively integrating passkey support. Setting up passkeys involves a combination of a public and private key, with the private key stored securely on your device or password manager.
However, security researcher Trevor Hilligoss points out a critical vulnerability: malware can steal validated browser cookies, effectively hijacking an authenticated session and bypassing passkey or password protections. He advises users to select the shortest available cookie session durations on websites to minimize this risk.
Password managers are increasingly supporting passkeys, with options like NordPass and Proton Pass helping users manage both old credentials and new passkeys. Built-in solutions like Apple Passwords and Google Password Manager also aid in storage.
