top of page
Writer's pictureLeon Reynolds, Proprietor

Passkeys - what are they and how do I use them


We've all been there: Try to log into a website and cant remember your password. Its written down somewhere right? But still you hit the forgotten password link and generate a new one, create something jazzy (or just use the same one you use for every other site) and that's it - job done. Well, the hackers and steelers out there are happy that's what you are doing and are ramping up their efforts to steal your data whilst the going is good. You see, the going is starting to get heavy for them and you should be making it heavier still by securing your data, your accounts and your money using Passkeys. Passkeys are a much more secure way of logging into a website as it doesn't require you to have a password - that's right nothing to think of, nothing to write down and nothing to remember. So what's the catch? Well, there isn't one really. Only that not all websites have been updated to use passkeys yet, but the list is growing. So how do they work?


How passcodes are more secure

The current password system uses a plain text system that is stored on the server of the website you are accessing. This password file is then 'hashed' in order to hide the details from prying eyes. When the website is hacked, basically what's happening is the hash is being decrypted so your password is revealed to the world - literally, as its usually sold on the dark web. Passkeys are different. The system works by generating 2 keys - a public key and a private one. The public key is generated on the website you have signed up for - say Amazon, for instance. When this key is generated, it also creates a secure private passkey that is saved to your mobile phone or secure USB key. When you then come to sign in, the website will display a QR code which you then scan using your phone and when the public and private keys are matched, you are then logged in. In order to take the scan, you will unlock your phone using the 6 digit code, finger print or facial ID, hence a biometrically secure login. This completely removes phishing from the equation, as a public key cannot be used without its private key partner which is securely saved to your phone - hidden behind your biometrics.

This method of logging in will become ubiquitous in time to come and you can make it happen sooner by activating this service on as many accounts as are available.


Further information on how its works and to see a practical demonstration, go to www.passkeys.com.

38 views0 comments

Recent Posts

See All

댓글


bottom of page