Using strong and unique passwords is an important part of anyone’s online security. As long as they are strong enough, they keep our accounts safe.
Passwords, however, are not ideal in all circumstances. They have clear downsides, and hackers can often take advantage of those downsides. Many security professionals are now recommending that the world move from passwords to passkeys. Access keys offer similar benefits to passwords, but are potentially more secure.
So what is the difference between a password and a passkey? And which one should you use to protect your accounts?
Why are passwords insecure?
Passwords are the main concept that allows Internet users to keep their online accounts private. As long as the password is known only to the account holder, no one else can access the account. The problem with passwords is that they also have inherent flaws.
Passwords are created by users and are often chosen based on ease of use, rather than how secure they really are. Passwords are often too short, allowing them to be cracked by software. Passwords are often easy to guess because they are based on personal information or popular words. And passwords are often reused across multiple accounts, allowing a single hack to wipe all accounts.
Passwords are also easily stolen; so much so that they can be revealed if the user visits a phishing page or submits personal information to any compromised or insecure service.
It’s possible to protect your accounts using nothing more than a password, but it requires a level of password discipline that many people don’t practice. This causes people to lose their accounts and, depending on the nature of those accounts, their personal information and bank balance.
What are passkeys?
Access keys are an alternative to passwords. Instead of entering a password, access to an account is granted by what is known as an authenticator. This authenticator is usually another device in your possession, such as a smartphone or laptop.
When you use a passkey, you’re prompted to sign in to your device instead of the account you’re trying to access. This can be done by entering a PIN on your smartphone or using biometric data.
The account is then granted access because you are in possession of your device and not because you provided a password.
The advantage of access keys is that none of the disadvantages of passwords apply. Unless an attacker has both your authenticator and the ability to open it, it is impossible for an attacker to access your account.
Phishing attacks are no longer possible because there are no passwords to steal. The access keys cannot be guessed or cracked by software either. Anyone who uses a password won’t lose their account because they didn’t choose a strong enough password.
Access keys are also potentially easier to use. You don’t need to remember many different passwords for different accounts, and logging in with one access key is often faster.
Should you use passkeys?
Access keys are now compatible with a wide range of websites. However, most small account providers only accept passwords.
While access keys are expected to eventually replace passwords, it’s not yet known when that will actually happen. Regardless of the superiority of passkeys, most people are not going to switch account providers to use them.
Whether or not you should eventually switch to passkeys depends on how you currently use them. Whether you have strict password discipline is really a matter of personal preference. Strong, unique passwords will always be an effective way to prevent attacks, and there’s no reason to change them if you like them.
However, if you have a tendency to use weak passwords or reuse passwords between accounts, it’s a good idea to make the switch. You will benefit from higher levels of account security.
Are master keys about to become mandatory?
Many websites place restrictions on the type of password you can use. You may need to use a specific length or a combination of numbers, symbols, and letters. Many websites also make the use of two-factor authentication mandatory.
No one knows if passwords will go mainstream. They’re still a somewhat new concept, and unlikely to become mandatory any time soon. But as its usage increases, and the occurrence of hacks decreases accordingly, users may not be given a choice if they want to use a particular service.
While preventing users from making their own decisions is obviously not ideal, the number of people getting hacked due to weak passwords is also not ideal. Any policy that makes people’s accounts more secure is potentially welcome.
What if you want to keep using passwords?
Access keys are meant to fix password weaknesses, but they’re not strictly necessary if you use them correctly.
If you don’t like the idea of passwords, here’s how to continue using passwords without putting your accounts at risk.
- Use a long password that contains random letters, numbers, and characters. This prevents a hacker from cracking or guessing the password.
- Use different passwords on all accounts. This prevents a hack on one account from affecting all of your accounts.
- Worried you can’t remember all your passwords? Try a password manager, one of the smartest ways to store login credentials.
- Beware of phishing. As long as you understand what phishing emails look like, you’re unlikely to fall for one.
- Use two-factor authentication. This is similar to passcodes in that it also requires a hacker to access your device to access your account. Protects against cracked, guessed or stolen passwords.
Access keys are superior and about to become widely used
Any online account is a potential target for hackers. While a strong password provides an adequate defense, the invention of passwords gives Internet users a superior option for keeping their accounts secure.
By opting for passwords, you won’t need to maintain a list of passwords and the threat posed by phishing is likely to be limited to stealing personal information rather than account hacking.
If you want to use passcodes now, a wide variety of online services have introduced them. The availability of access keys is constantly increasing and soon anyone will be able to do without a password, regardless of the online services they use.