What is a Passkey? Definition, How It Works and More

We Keep you Connected

What is a Passkey? Definition, How It Works and More

What is a Passkey? Definition, How It Works and More
Your email has been sent
A passkey is a specific authentication method that can be used as commonly as a password but to provide additional security. Passkeys differ from passwords as they combine private and public cryptographic keys to authenticate users, whereas a password relies on a specific number of characters.
According to Google, the most immediate benefits of passkeys are that they’re phishing-resistant and spare people the headache of remembering numbers and special characters in passwords.
As passwordless authentication continues to evolve — in response to phishing-related risks — consider using passkeys to implement an added layer of security to protect your online accounts and data.
This article will define passkey technology, explore how it works and discuss the added security benefits of using a passkey.
A passkey refers to a code or a series of characters used to gain access to a secured system, device, network or service. Passkeys are often used in conjunction with usernames or user IDs to create two-factor authentication (2FA).
After you’ve established a passkey, all you need to do is log in to complete the authentication process, typically using biometric data such as a fingerprint or facial recognition. For those who utilize a passkey, logging in becomes a simple, nearly automatic process; for malicious actors, it becomes nearly impossible.
The implementation of passkeys is highly adaptable since they may be configured to be cloud-synced or hardware-bound, contingent on the user’s choices regarding the particular application, service or device.
When logging in for the first time, a user who wants to access an app or website with passkey technology — such as NordPass — will be asked to generate an original passkey. This passkey, which will be required for authentication in the future, can be accessed using either biometrics or personal PINs based on the user’s selection and the capabilities of their preferred device.
Figure A
During this stage, two mathematically linked cryptographic keys are generated: a public key that stays with the website, service or application but is connected to the account, and a private key that stays on the user’s hardware or cloud account. The service or application will send a randomly generated “challenge” to the user’s device during successive logins, which the user must react to by signing in with the private key.
The app or website can confirm the legitimacy of the private key by utilizing the corresponding public key to confirm the response. Access is allowed, and authentication is validated if the user’s verified signature attached to the challenge’s response agrees with the original randomly generated challenge; if not, access is denied.
This authentication process is done in the background, making login on the user’s end seamless — with just the click of a button.
Figure B
The implementation of passkey technology is still developing, but some companies have mentioned the potential for credential sharing amongst users — as long as the actual passkeys are kept safe in the cloud and out of the hands of potential hackers. Since sharing account access with family, friends and coworkers is a very simple and quick process, this feature may improve the overall user experience. However, it is still unclear how this function can be securely managed in a business setting.
Another crucial factor to consider is whether businesses should become even more dependent on cloud providers and give up even more ownership and control over credential management, given that a breach of those parties’ data would, without a doubt, have disastrous consequences.
Hardware-bound passkeys, as opposed to cloud-based passkeys, are stored on security keys, physical hardware authenticators or specialized hardware integrated into laptops and desktops. This means that the passkey is neither transferable nor duplicated. Hardware-bound passkeys can be an alternative for organizations wanting to prevent employees from copying or sharing keys across devices.
In general, both passkeys and passwords can be secure if managed properly. However, security depends on various factors, including the complexity of authentication, implementation and how well users manage and protect their credentials. To be deemed secure by today’s standards, passkeys and passwords should have the following characteristics:
Ultimately, the security of passkeys and passwords isn’t inherently dependent upon the type of credential but instead how they are implemented and managed.
This is your go-to resource for the latest news and tips on the following topics and more, XaaS, AWS, Microsoft Azure, DevOps, virtualization, the hybrid cloud, and cloud security. Delivered Mondays and Wednesdays
This is your go-to resource for the latest news and tips on the following topics and more, XaaS, AWS, Microsoft Azure, DevOps, virtualization, the hybrid cloud, and cloud security. Delivered Mondays and Wednesdays
What is a Passkey? Definition, How It Works and More
Your email has been sent
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
* – indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add newsletters@nl.technologyadvice.com to your contacts list.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE