Passwords are often insecure, and even the best passwords can be stolen. You are safe with passkeys. These are keys that are practically impossible to crack, stored on your smartphone and used for logging in. Read here exactly how they work and what you need to know.
FIDO: Google, Apple and Microsoft want to abolish passwords
Passwords are the international standard for logging in to websites, apps and much more. Only those who know the user name and password get access. But to have a separate, secure password for each site, users need password managers on all of their devices. This is too complex for many, so they mostly use the same, often insecure passwords on all sites. Cybercriminals have an easy time of it. And even secure, individual passwords are not perfect protection, because hackers steal them or crack them with brute-force attacks. So far, however, there has been no simple alternative. Google, Microsoft, Apple and many other companies are now changing this: FIDO passkeys are meant to make logins easier and safer!
In the meantime, almost all major websites have adopted login by passkey. In addition to Google, Apple and Microsoft, many other Internet services also offer logging in with the password alternative. The FIDO Alliance expects that in 2025 one in four of the 1,000 most-used websites will enable passkey logins. The most important sites are already on board, such as Amazon, PayPal, eBay, TikTok, Uber and many others. The retail and travel industries have already announced that they want to follow suit on a broad scale in order to better protect their customers’ personal data. This counteracts the increasing threat of hackers gaining access to accounts via social engineering. The makers of passkeys also expect more banks and financial service providers to switch to passkeys in order to offer more security.
Passkeys not only make logging in to websites more secure, they are also an alternative way to authenticate payment transactions, because every payment requires confirmation of identity. This used to be done over SMS, which can now be easily intercepted. Many banks today have their own app for confirmation. Passkeys work without an app and do not need one-off codes or the like, which can also be intercepted.
- The user no longer has to think up and remember passwords.
- Passwords can no longer be stolen – neither from the user nor from the provider, since both keys are always required for logging in. If a hacker steals the public key from a website, he lacks the private counterpart. The private key cannot be derived from the public one. If criminals succeed in stealing a user's private keys, they must first recognize them as such – the keys are cryptic character strings – and they still do not know which websites the keys are for. They also lack the associated smartphone.
- The keys are automatically secure and cannot be guessed.
- Logging in becomes easier: confirm briefly on the smartphone and you’re done, with no searching for the password, no forgotten-password function and no confirmation by email.
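
The second point above, as an added example (not code from this article or from the FIDO Alliance): a simplified JavaScript model of a passkey login for Node.js, in which the site stores only the public key and every login signs a fresh challenge. The function names and the origin https://shop.example are made up for illustration, and real passkeys use the WebAuthn protocol rather than this message format.

```javascript
// Added example: simplified model of a passkey login, not the WebAuthn wire format.
const nodeCrypto = require("node:crypto");

// Setup: the device creates a key pair; only the public key is sent to the site.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  // The PEM-encoded public key is all the site stores, and all a breach there can leak.
  return { privateKey, serverRecord: publicKey.export({ type: "spki", format: "pem" }) };
}

// Site: a fresh random challenge for every login attempt.
const newChallenge = () => nodeCrypto.randomBytes(32);

// Both sides sign/verify the site origin together with the challenge.
const loginMessage = (origin, challenge) => Buffer.concat([Buffer.from(origin + "\n"), challenge]);

// Device: sign after the user confirms on the smartphone.
function signLogin(privateKey, origin, challenge) {
  return nodeCrypto.sign("sha256", loginMessage(origin, challenge), privateKey);
}

// Site: verify using nothing but the stored public key.
function verifyLogin(serverRecord, origin, challenge, signature) {
  return nodeCrypto.verify("sha256", loginMessage(origin, challenge), serverRecord, signature);
}

function demo() {
  const origin = "https://shop.example"; // constructed sample origin
  const user = createPasskey();
  const challenge = newChallenge();
  const signature = signLogin(user.privateKey, origin, challenge);
  const legitimate = verifyLogin(user.serverRecord, origin, challenge, signature);

  // An intercepted signature is useless for the next login: the challenge has changed.
  const replayed = verifyLogin(user.serverRecord, origin, newChallenge(), signature);

  // Whoever holds only the leaked public key must sign with some other key, and is rejected.
  const attackerKey = createPasskey().privateKey;
  const next = newChallenge();
  const forged = verifyLogin(user.serverRecord, origin, next, signLogin(attackerKey, origin, next));

  // A signature made for a different origin does not verify for the real site.
  const otherSite = signLogin(user.privateKey, "https://shop.example.test", challenge);
  const wrongOrigin = verifyLogin(user.serverRecord, origin, challenge, otherSite);
  return { legitimate, replayed, forged, wrongOrigin };
}

console.log(demo());
```

Only the first check succeeds; the replayed, forged and wrong-origin attempts are all rejected even though the site's stored record is fully known.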
If you have signed in to a site on your work Mac, you will of course want to be able to do the same on your private Android smartphone. The FIDO keys are therefore saved in your Google, Microsoft or Apple account and, if necessary, the operating system creates a copy of the key to transfer it to the other operating-system ecosystems. When switching between these ecosystems, additional confirmation may be necessary. The rest again works automatically. It should even be possible to sign in to a site on a friend’s PC: your smartphone is automatically recognized via Bluetooth and you just have to confirm.
Will existing logins be carried over?
Providers who support FIDO will create ways to switch existing accounts to FIDO. How exactly this works, and whether it also replaces the insecure password, depends on the provider.
Since passkeys are saved in the Apple, Microsoft and Google user accounts, they can be restored if the smartphone is stolen or damaged. So you don’t need to fear being locked out of your accounts at some point.