What Are Passkeys, and Who Should Be Using Them?

We’ve been using passwords to protect our various accounts for a few decades now and, to be honest, we’re not very good at it. Many of us use the same simple, easy-to-remember passwords for all our accounts: convenient for logging in, but terrible for security. Not only will a bad actor (or computer) be able to easily guess this password, but they will also try it with your other accounts. Before you know it, you’re facing multiple breaches, some of which may involve financial or private information.
There are of course a number of steps you can take to make your passwords more secure. First, you can use a complex, unique password for each of your accounts, ensuring that you never reuse a password. A well-designed password can be impossible for a human to guess, and virtually impossible for a computer to guess. And even if a company loses your password in a data breach, using two-factor authentication (2FA) can further protect you. Without a trusted device generating or receiving a 2FA code, your password becomes virtually useless to hackers. And since you never reused the password, they can’t try it on your other accounts. This is what makes the combination a winning strategy.
But many, if not most, of us don’t use this winning strategy. Many are still at risk, or putting their organizations at risk, due to insecure authentication practices. As such, consumers are being pushed to embrace a new form of authentication, something that combines the convenience of passwords with the security of 2FA, all without you needing to remember anything: passkeys.
What are passkeys?
Passkeys are a (relatively) new authentication method that provides a password-like experience without actually involving a password of any kind. The method is based on public key cryptography: when you create a new account with a passkey, or create a passkey for an existing account, a “key pair” is generated. One of these keys is public and is stored by the company that manages the account in question. This key is not a secret and could, in theory, be stolen or lost in a breach. The other key, however, is secret. This private key is stored on your device (such as a smartphone, tablet or computer) and is what actually authenticates your identity.
To create the passkey, you simply use the authentication method built into your device: a face scan, a fingerprint scan, or a PIN. Once you have authenticated successfully, the passkey is established. To log in later, you authenticate again with one of those same three methods. If that succeeds, the system checks with the account that holds the public key to confirm your identity, and you’re in – no password required.
Your passkeys are stored securely on your devices, usually in a “vault” such as a keychain or password manager. Apple, for example, generates and stores passkeys in iCloud Keychain. If you use a password manager like Bitwarden or 1Password, you can create and store passkeys there. Any device with access to that password manager can then use the passkey to authenticate.
However, you do not need to log into your accounts on the device that holds the passkey. If you’re using another device, such as a friend’s computer or a tablet that doesn’t contain the passkey, you’ll have the option to use your trusted device to authenticate. For example, say you want to check your bank account on your PC, but your account uses a passkey stored on your iPhone. You can choose to authenticate with the passkey device, which prompts the account site to display a QR code. You scan the QR code with your iPhone, authenticate with Face ID, Touch ID, or your PIN, and you’re logged in. This is also how the feature works when logging into accounts on devices that don’t store passkeys directly, such as a PlayStation 5.
Are passkeys secure?
The short answer? Yes. Passkeys are an extremely secure authentication method. Not only are they far more secure than passwords, they are even more secure than 2FA. 2FA is great, and certainly better than a password alone, but attackers can steal authentication codes, especially when those codes are SMS-based. This can be as sophisticated as compromising the platforms that send your codes, or as simple as a phishing scheme: fraudsters pose as representatives of the account in question and trick you into sharing your 2FA codes with them. So 2FA, while secure, has an inherent phishing weakness.
Passkeys do not have this weakness. You can’t be tricked into giving away one of your passkeys, nor can a hacker steal it from your device. The system won’t ask you to authenticate unless you visit the platform’s exact domain, which means scammers can’t create fake sites that trick you into logging in: the passkey process simply won’t start. Note, too, that to log in via passkey, the trusted device must be physically close to the device you are logging in on. So a hacker can’t send you an image of a QR code, trick you into scanning it, and then convince you to authenticate. Unless you’re in the same room as the hacker, they don’t get your passkey.
What if I lose my device?
One of the most common concerns about passkeys is what happens when you lose the device on which the passkey is stored. After all, if the secret key is kept only on your smartphone, what happens if it is lost, stolen or broken?
It turns out there are a few possibilities here. Firstly, it is true that you risk losing the passkey permanently if you lose access to the trusted device. If you choose to store your passkeys on a physical security key, such as a YubiKey, losing or breaking that key means losing your passkeys. However, depending on the account, you may have recovery options, such as answering security questions to prove your identity. This will of course depend on the case: if your account has only one passkey configured and that passkey is stored on only one device, you risk losing access to the account. Check whether your accounts offer recovery options, or even backup authentication methods. Because of this possibility, some accounts may still require you to create a password even if you opt for passkeys.
But more importantly, you don’t need to keep your passkeys on just one device. There are secure protocols that sync your passkeys between devices. For example, if you create a passkey on your iPhone, iCloud Keychain securely syncs that passkey to your other connected Apple devices, such as an iPad and Mac. This way, when you want to log into your account on any of these devices, the option to authenticate with your passkey will be available on each of them: you just use Face ID, Touch ID or your PIN, and you’re in.
Can you export passkeys?
For the moment, no. This is probably the biggest disadvantage of passkeys. Unlike passwords, which you can export to other password managers, passkeys are tied to the service they were generated with. If you set up a passkey for your Google account on your iPhone, you won’t be able to transfer it directly to, say, an Android device. If your passkey resides in Bitwarden, you cannot transfer it to Google Password Manager. As such, you should try to create passkeys on the platform you use the most. If you’re fully in the Apple ecosystem, Apple’s iCloud Keychain will work well for you. But if you have a mix of devices from different manufacturers, you’re better off creating passkeys in a cross-platform password manager. Of course, you can always authenticate with your iPhone, but the real benefit of passkeys is the quick login on a device that already holds the passkey.
This doesn’t mean you have to keep that service forever: you can set up new passkeys for existing accounts on other services, and then safely dispose of your old passkey devices. However, make sure to keep the old device until you have established the passkey on a new one. If something goes wrong and you can’t set up a new passkey on another device, you’ll need the old device to confirm your identity, unless you have another authentication option, like a password.
Passkeys aren’t perfect: in practice, they can be a bit complicated, especially when working across different devices. But at their best, they offer both convenience and security. If you’re not particularly tech-savvy, or not fully entrenched in one tech company’s ecosystem, it might be a little too early to get started with passkeys. But passkeys can keep your accounts secure, as long as you understand these weaknesses.


