Heads up: Passkeys are coming soon, and we’re getting a better idea of how and where these are going to start becoming useful for businesses and consumers alike.
If you’re not sure what we mean by a passkey, here’s a refresher: We shared an introduction to passkeys a few months back when we told you that Microsoft, Google, and Apple were working to kill the password.
Recently, Apple announced that passkeys are coming to its mobile and desktop operating systems in 2022 with the arrival of iOS/iPadOS 16 and macOS 13 in the early fall. “Coming soon” has officially been upgraded to “imminent arrival,” and it’s time for businesses to get a handle on how, whether, when, and where they might implement the new tech.
Aren’t passkeys just fancy passwords?
In the sense that they let people log into devices and sites, sure. But in every other sense, no: passkeys are a completely new technology that’s exponentially more secure than the old username + password combination.
Passkeys are the implementation of a technology called FIDO authentication. Instead of using a username and a password, you’ll now use a username and a trusted, pre-authenticated device. For most people, that device will be their smartphone, though other options are available.
Is this really more secure than a password?
Yes: the technical details of how this authentication works are, well, technical. But in a nutshell, once you’ve enabled a device for passkey use, it generates a cryptographic token that pairs with another token generated by the system or service you’re trying to log into.
Your phone has to be near the device (and is detected by Bluetooth), and you’ll usually have to authenticate on your phone using face or fingerprint ID or a PIN.
What you need to know is this: it’s extremely secure and nearly impossible to forge. Unless someone 1) physically steals your phone, 2) can access the phone via PIN or biometric, and 3) is capable of getting your stolen phone close to a device where passkeys can be used, they aren’t getting in.
This means the death of phishing attacks: if there is no password, it can’t be stolen!
We use PCs. Isn’t this an Apple exclusive?
No — and this is really important: Apple has been advertising the feature and pushing it hard, but like we mentioned a few months back, Google and Microsoft are on board, too. They don’t control hardware markets in the way Apple does, so the messaging and rollout looks a little different.
What we know for sure is that passkeys are coming, and they’re device- and OS-agnostic. As long as your PC has the requisite technology (e.g., Bluetooth), you’ll be able to use passkeys as soon as the technology rolls out to whatever service you’re using.
In fact, many PC users can already set up a passkey for logging into Windows itself; they just don’t know it (or don’t know that it’s a passkey because the language hasn’t been played up). It’s called Windows Hello, and it’s available for both Windows 10 and Windows 11.
What about apps and services?
Passkeys work with websites, apps, services, and devices—anything that would’ve required a username and password, essentially. Now, not every technology provider has rolled out passkeys. Many websites and apps aren’t there yet, so right now you may be able to use passkeys for some apps and services but not others.
It’s a little confusing for the time being, but with support from three of the biggest names in tech, the future is nearly inevitable. Passkeys are here, and they’re here to stay.
Our advice? Wherever you can us them, do.
And if you need additional assistance transitioning to passkeys, understanding how they work with your digital infrastructure, or enhancing your security in other ways, we’re here to help. Reach out to our team today!