What is a passkey and why is it better than a password?
The UK's National Cyber Security Centre (NCSC) has declared that passwords are no longer sufficient for modern digital security. Instead, they recommend using passkeys, a password-free login method that is stored on your device.
What is a passkey?
A passkey is described as a "digital stamp" that allows you to sign in to apps and websites without entering a password. It uses biometric methods such as facial recognition or your device's PIN to confirm your identity. Each account has a unique passkey, and even if a service is breached, the passkey remains secure because it is stored on your device.
How do you set up a passkey?
You can set up a passkey by going to the account security or privacy settings on apps and websites you already use, or by following prompts from services offering to upgrade your login method. Google reports that over 50% of its UK users have already registered a passkey.
Why are passkeys better than passwords?
Passwords are vulnerable to phishing attacks and can be stolen from databases, whereas passkeys are resistant to such threats. Dave Chismon, a senior tech expert at the NCSC, explains: "Passwords have never been a perfect solution... passkeys are quicker and simpler than remembering a password or going through two-factor authentication."
Is facial recognition vulnerable?
Facial recognition technology has improved significantly, with devices now including "proof of liveness" to prevent the use of static images. However, experts advise keeping your device PIN private to prevent unauthorized access.
What other precautions should you take?
Even with passkeys, maintaining good cyber hygiene is essential. Recommendations include using strong, separate passwords for your email, using a password manager, updating apps and software regularly, and avoiding suspicious emails and links. The most common passwords, such as "123456" and "password", are easily guessed by hackers, making passkeys a safer alternative.
