We’ve all struggled with passwords – forgetting them, reusing them, and stressing over whether they’re strong enough to keep hackers out. But there’s a new and better way to log in to your accounts: passkeys.
Passkeys are designed to be simpler, more secure, and less stressful than passwords. In fact, major tech companies like Apple, Google, and Microsoft are already embracing them – and they may soon replace passwords altogether.
Let’s break down what passkeys are, how they work, how they compare to passwords, and why they’re considered a big advance in internet security.
What Is a Passkey?
TOZO T6 Wireless Bluetooth Earbuds
The Tech Boomer recommends these wireless bluetooth earbuds. Clear, crisp sound—plus they’re easy on the wallet!
View on Amazon →This post may contain affiliate links. As an Amazon Associate, I earn from qualifying purchases.
A passkey is a new way to sign in to websites and apps that doesn’t involve typing anything. Unlike passwords – which are just characters you enter – passkeys are built on cryptographic technology, specifically, SHA256 encryption – see below for an explanation – that works behind the scenes to verify your identity.
Here’s how it works: when you create a passkey, your device generates two related cryptographic keys, also called a “key pair”:
- A public key that’s shared with the app or website
- A private key that stays safely stored on your device
When you try to log in, the website or app sends a challenge, usually a random number. Your device encrypts the challenge and sends it back. The website or app that you’re signing into uses your public key to decrypt the challenge. That way they know that it’s you that is attempting to sign in, as only you have the private key.
This serves to confirm that you are you, as only you would have those ways to identify yourself. (note: If you have given your phone PIN or computer password to someone else, then they would have access to whatever site they are attempting to sign in to.)
And scammers, who will try to get you to sign into a fake website in order to steal your password, cannot do that with passkeys as each key pair is different. The keys for Google will only work for Google. And they are different from the ones for Amazon, which will only work for Amazon.
Passkeys vs. Passwords: What’s the Difference?
| Feature | Passwords | Passkeys |
| User Action | Type in a word/phrase manually | Use biometrics (face/fingerprint) or PIN |
| Stored Where | On the website’s servers | On your personal device |
| Security | Prone to phishing, leaks, hacks | Virtually impossible to phish or steal |
| Ease of Use | Easy to forget or reuse | Easy and quick to use |
With passkeys, there’s no need to remember anything, and the system is much harder for hackers to exploit.
Why Passkeys Could Replace Passwords
1. They Can’t Be Phished
Traditional passwords are often stolen through phishing attacks – fake websites that trick you into entering your login details. Passkeys don’t have this problem since both the public and private keys are site specific. This means that even if a hacker were to get hold of your Amazon public key, it wouldn’t be able to decrypt the challenge. It would only work on Amazon’s site. Therefore phishing simply doesn’t work. As I said, the only way someone else could use your passkey is if they have access to your device. Read more about phishing attacks here.
2. No More Forgetting Passwords
Since your device stores and manages passkeys for you, there’s nothing to memorize or reset. You just use your fingerprint, face scan, or device PIN to log in.
3. They Work Across Devices
Thanks to password managers like my favorite, 1Password, passkeys can sync across your devices. This means you can log into a website on your computer using a passkey created on your phone. For a review of the top 5 password managers click here.
Some Downsides To Keep In Mind
Passkeys are exciting, but they’re not perfect – yet.
- You Need Your Device: If you lose your phone or computer and don’t have a backup, accessing your accounts could be tricky. That is unless you store a copy of your passkey in your password manager.
- Limited Support (for now): Not every website or app supports passkeys yet, though adoption is growing quickly.
- Learning Curve: Passkeys are new, so not everyone understands how they work or how to recover them if needed. That’s the reason for this article.
What Makes Passkeys So Secure? A Quick Look at SHA256
Passkeys are powered by strong encryption – and one of the key technologies involved is SHA256 (Secure Hash Algorithm 256-bit). It’s what helps ensure that your login credentials can’t be reverse engineered or stolen in transit.
Here’s how it works: SHA256 takes input data and turns it into a 256-bit, or in normal speak, a 64 character random-looking string of letters and numbers. This process is one-way – meaning the result can’t be used to figure out the original input.
This is the same way passwords are stored on a website.
For example, using a SHA256 encryption tool found here, the word “dog” is converted into
cd6357efdd966de8c0cb2f876cc89ec74ce35f0968e11743987084bd42fb8944.
And the previous three paragraphs above are converted into
c5487906468014485a8097e31d237e20e6364e6ad82a131b65fbaca9a82a9431.
See? No matter the size of what’s being encrypted, the output is always 64 characters.
Even if someone could intercept part of your login process, they wouldn’t be able to reconstruct your private key. That is stored on your device or password manager and handles everything behind the scenes, using SHA256 to keep your information safe.
The Bottom Line
Passwords are slowly becoming a thing of the past. With better security, no memorization, and a smoother login experience, passkeys are the future of online safety.
If you’ve seen the option to “Sign in with a passkey” on a site or app — give it a try. It might just be the last login method you ever need.
OTC Hearing Aids for Seniors
OTC Hearing Aids for Seniors, Hearing Aid Amplifiers Devices Rechargeable with Noise Cancelling, Superior Sound Quality for Adults Women Men Hearing Loss, Auto On/Off
View on Amazon →This post may contain affiliate links. As an Amazon Associate, I earn from qualifying purchases.
