2024 marks the beginning of a new era, bidding farewell to an old friend – the humble password – and embracing passkeys as the innovative gatekeeper of our digital security. Say goodbye to the days of cumbersome passwords and welcome a secure, convenient, and seamless login experience.
For years, passwords have played a vital role in safeguarding our digital identities and protecting our personal details, financial transactions, and other digital assets. However, as cyber threats have evolved, passwords alone are no longer sufficient.
Because passwords are increasingly easy to break (or to steal along with usernames), the New Zealand Information Security Manual (NZISM), the government security rulebook, recommends a complex password length of ten characters, and Australia’s counterpart, the AISM, recommends sixteen characters. These stricter requirements drove businesses and individual users to subscribe to password managers to create and organise passwords for them.
However, not all users rely on password managers. Multifactor Authentication (MFA) lets us keep our common eight-digit password; it is more secure but adds an extra step and, if you are a business owner, can cost you money. Enter passkeys – dynamically generated authentication keys that revolutionise the concept of password cracking.
With the rise of remote work and digital banking, we need robust, user-friendly security. Passkeys address both concerns, providing enhanced security without the inconvenience of manual password management. You are probably using them already without even recognising the term. Using passkeys is straightforward; your fingerprint, facial recognition, PIN or pattern unlocks access securely. Unlike passwords, there’s no need to memorise or write them down, eliminating common security risks.
All of the work is done in the background using private and public key cryptography. For example, the website you are visiting sends an encrypted challenge to your device (computer, tablet, or phone), where you scan your face or fingerprint or enter your PIN; the private key then decrypts the challenge and a response is sent back to the website for verification. If there’s a match, you’re in. It’s actually more complicated than that, but this is what you see.
You may have seen this the first time you signed into Netflix or another application using QR codes on Smart TVs. If you have a Netflix account, for example, and you try to sign into it on a TV, you are presented with a QR code to scan using your smartphone to authenticate your account. You may also be using Apple iCloud Keychain or Google passkeys. All businesses, especially those in e-commerce, will see a number of benefits from adopting passkeys, including higher login success, reduced drop-off rates, increased conversion rates, and reduced costs of separate two-factor authentication.
As we enter the new year, we will see a greater movement to passkeys – passwords have served us well, but as we evolve, so should our security measures. You can start your journey away from passwords, making your users’ digital lives easier and more secure. Welcome to the era of passkeys!