Passkeys can be the future of how we sign into a new site, service, or app. It can completely remove traditional passwords and provide us with a passwordless future. Sounds good on paper, but how exactly does it work? Can you use it on multiple devices? Can you use it with a fingerprint scan? Read this passkeys FAQ blog and find all the answers.
What are passkeys?
Passkeys are a new technology; a type of digital credential that you can use as an authentication for various sites, services, and apps that support them. They are passwordless, so when you start using them for a particular service, or website, etc., you won’t need to sign in with your username and password anymore, and instead use the passkeys . It is like a digital personal key that stays on your device and opens all your services. Learn more about passkeys here.
How do Passkeys work?
Passkeys are unique to each website, service, or application, and they can be created on your device (PC, tablet, smartphone, etc) to sign in with a PIN, facial recognition, or fingerprint. Passkeys are more secure than passwords because they are unique to the device too, which makes them resistant to phishing attacks.
Are passkeys the same as 2-factor authentication (2FA)?
Both 2FA and passkeys use two factors to authenticate the user.
In the case of 2FA, we are usually talking about a combination of passwords and SMS codes.
When we talk about passkeys, the 2 factors will be the digital key inside the device, which is unique to the device and to the service it will be used for, and the protection of the device itself. The device protection can be a password, pin, fingerprint, or face scan.
As you can see the two can look very similar, but the passkeys can remove the use of passwords for your daily needs.
Are passkeys faster to use than other sign-in methods?
Yes. You can access your account using passkeys and your device security method (pin, fingerprint, face scan, etc.) in a very quick way. It is faster than manually typing your username and password. If you save your passwords and you use a password manager, then the speed will be more or less the same.
How do I create a Passkey?
- First, the site, service, or app you want to use must support passkeys.
- Then open the site, service, or app, and go to your account settings.
- Create a new passkey (IDO2 security key) from your account settings, using the device you want to add.
- Save your passkey on your device. Now it will be protected by the authentication method your device is using like PIN, password, fingerprint, or face scan.
How do I use a passkey?
- To use a passkey, open a website, a service, or an app that supports passkeys.
- Select the option “Sign in with a passkey”. If a passkey is stored locally and protected by Windows Hello (for Windows devices), you’re prompted to use Windows Hello to sign in. If you select the option “Use another device”, you can choose one of these options: iPhone, iPad, or Android device: scan a QR code with your device.
- Use the security key FIDO2 security key for your account.
If you are using Linux or macOS, the process will be very similar. You will need to use the security vault of the OS you use.
Are Passkeys better than passwords?
Yes! Passkeys are designed to be more secure than passwords because they are connected to the device. The key is inside each device and can’t be taken away. Passwords can be used by anybody who knows them, and, on every device, which makes them far more vulnerable to attacks.
Do I need an Internet connection to use my passkey?
No! You don’t need an internet connection to use your passkey because it’s stored locally on your device. This means that you can use a passkey on your phone to unlock your computer, without the need for an Internet connection. If you want to log in to a site, an online service, or an online application, of course, you will need a connection.
Can I use my passkeys on multiple devices?
Yes! You can use your passkey on multiple devices as long as they support FIDO2 authentication. Bear in mind that each device will have a different key for the same service. That means that you can log in with each of your devices, but first, you will need to create a digital credential on each of them for each service. It sounds a bit time-consuming, but you will only need to do it once per device per service and then you can use the passkeys without problems.
Can I use my passkeys for all websites and applications?
No! Not all sites, services, and applications support passkeys. It might be the only way we login in the future, but this is not guaranteed. There will be many supporters of the previous authentication method of using usernames and passwords, and for sure there will be other new methods too.
What happens if I lose my device that has my passkeys?
If you lose your device that has your passkeys, you can revoke it from your account settings on any other trusted device. It is important to add multiple devices so you can access your account even if you lose your primary device. It is good practice to have a backup device that you can use to access your account so you can remove your lost device and add new devices in the future.
What if my primary device gets stolen abroad? What can I do?
You get a special code for emergencies when you create your new passkey. You should protect this code because it could be your only way to access your account. You should keep it safe and have it with you when you are traveling for additional protection. This could be a big problem for passkeys adoption in some countries where the crime rate is higher.
Can I share my passkey with someone else?
No! You should never share your passkeys with anyone else and you won’t be able to do it. It is a unique key that is connected to your device.
What happens if someone steals my passkeys?
If someone steals your device with your passkeys, they won’t be able to access your accounts without also having access to your additional device protection – biometric features or PIN. That makes them quite safe.
Can I change my passkeys?
Yes! You can change your passkeys from your account settings on any trusted device. You can make new ones, delete previous ones, and manage your devices.
What happens if I forget my passkeys?
Passkeys are not like passwords, and you can’t forget them. What you can forget is your device’s additional protection (PIN, password, biometrics, etc.) or you can forget which device you have used for the particular site, service, or application.
In that case, you can use one of your other trusted devices to remove the problematic device and add new ones if you like. In case you can’t access your account, look for the security code that you received when you first created your passkeys. Use it to reset your account.
Can I use my fingerprint as my passkey?
Yes! You can use facial recognition or fingerprint as your biometric feature for signing in with your passkey. You will still need to create a passkey and keep it on your device, but you will only need your preferred unlock method for your device to authenticate yourself.
What is FIDO2 authentication?
FIDO2 authentication is an open standard for passwordless authentication.
What should I do if I have allowed another person to use their devices with passkeys for my account, can I remove his or her passkeys?
Yes, you can. You can access your account using one of your trusted devices and remove the device of that person from the list. By the way, it is good practice to never allow other people to have passkeys for your accounts. There could always be interpersonal problems that could complicate your digital life.
How do I know if a website, a service, or an app supports passkeys?
You can check their site for information about credential authentication. Usually, it is obvious if it supports passkeys. If you can’t find any information about their use, then it most probably does not.
Are there any disadvantages to using a passkey?
Yes. Just like every tech, this one also has weak points. If your device gets stolen or you lose it, and you haven’t added a backup device to your devices, you might get locked out of your account forever. This could be a huge problem for many users that rely on a single device and have no option for backup.
Do you use the same passkey for all your accounts?
No. You will create a new passkey for each device and each service. Imagine you have an account in X and Y, and you have devices A, B, and C and you want to use all your devices on accounts X and Y. That means that you will have three keys, one on each device for account X and three for account Y. That makes six keys in total.
Can I use my smartphone as a passkey?
Yes. You can use every modern device (computer, tablet, smartphone, etc.) that supports passkeys. Talking about passkeys on smartphones, you can use them on Android 7 and newer and iOS 10 and newer.
We are sure that in the next months and years, there will be many new questions about the use of passkeys. We will continue to update the topic passkeys FAQ and add valuable information.
Keep revisiting this article for the latest information about passkeys.