We all know passwords. They are things we type after we type in the username to access any website.
They can be easily stolen. Or hacked. Or forgotten.
When they were introduced, they were considered the panacea for all security issues.
Decades later, we know that is not quite how it worked out. People tend to use the same password across all their websites. This means that if there is a data breach at one company, say, Toyota, then all these
Things we do to improve security
Over the years, here are some things that have been done to improve the security of websites.
2FA, or two-factor authentication
In this, after we type in our password, we need to provide a one-time password (OTP) that is sent to another device. It could be an email- or phone-based OTP.
Password Managers
Because most people tend to forget their passwords and keeping them written down is risky, special technology products called password managers store our passwords in a secure way. These password managers are on our device and fill in the password for the user when the need arises.
Password policy
It is recommended that passwords should be changed often. That way, even if there is a breach and the password is leaked, the old password cannot be used to get into the system.
Most of us, however, don’t do this. We keep our old passwords.
So, companies have something called a password policy. Banks also have password policies for their users.
In this, a password must be changed after a certain period. The user is prompted to change their password a little before the due time (which can be anything from one month to six months).
Further, password policies ensure that passwords are at least x characters long, and have some complexity like a mix of numbers, upper-case and lower-case letters, and special characters.
These safeguards make the password hard to guess.
So, what are passkeys?
A passkey is another passwordless entry technique. It was announced by Apple last year, and Google is currently implementing it for some users.
After that, Microsoft is also scheduled to start using it.
When you operate a locker in India, there are two keys. The bank manager puts one key in its slot, and then you insert your key.
This has the following features:
A. Physical proximity (closeness) – The bank manager and you need to be in the same place to open the locker.
B. One can be compromised or stolen, but not both – the bank manager might lose the set of bank keys. But the thief cannot reach your key, because it is secure in your keychain.
To this, we add one more feature: Your keychain is linked to you. Meaning, wherever your account is, your passkey will be available to you there. If you forget the keychain at home, that’s fine. You can authenticate yourself to the bank manager using your own biometrics or other features.
This, in short, is a passkey.
This video explains it well.
While there is an alliance that is working to create passkey infrastructure, Apple is making its own system. The important thing is that passkeys will be interoperable – you will be able to use an Apple device to sign into Gmail, Gmail into MS, and so on.
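The two-key locker idea above can be shown in code. This is an added example, not code from the original post or from any vendor: a simplified challenge-response sketch using Node's built-in crypto module, where the device keeps a private key and the website stores only the matching public key. The function names are made up for illustration, and real passkeys follow the WebAuthn standard, which signs more data than the bare challenge used here.

```javascript
// Added example: passkey-style login as a challenge-response with a key pair.
// Simplified sketch using Node's built-in crypto, not a WebAuthn implementation.
const crypto = require('node:crypto');

// Registration: the device keeps the private key ("your key");
// the website stores only the public key ("the bank's key").
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    device: { privateKey },
    serverRecord: { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}

// Website: issue a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: sign the challenge. On a real device this step runs only after
// the user unlocks the key with a biometric or the device PIN.
function signChallenge(device, challenge) {
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Website: check the signature against the stored public key.
function verifyLogin(serverRecord, challenge, signature) {
  return crypto.verify('sha256', challenge, serverRecord.publicKey, signature);
}

function demo() {
  const { device, serverRecord } = registerPasskey();
  const challenge = newChallenge();
  const signature = signChallenge(device, challenge);
  // Someone holding a copy of the website's records has no private key,
  // so the best they can do is sign with a key of their own (constructed here).
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    genuine: verifyLogin(serverRecord, challenge, signature),
    leakedRecordOnly: verifyLogin(serverRecord, challenge, signChallenge(other, challenge)),
    replayed: verifyLogin(serverRecord, newChallenge(), signature),
    serverStores: serverRecord.publicKey.split('\n')[0],
  };
}

console.log(demo());
```

Only the genuine login verifies: the website's stored record is a public key, so a copy of it cannot produce a valid signature, and a signature captured from one login fails against the next login's challenge.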