Hello friends,

I hope you are doing well. Have you been getting notifications to save your credentials as a passkey whenever you log in to Gmail, and wondered what a passkey is? In today’s post we will demystify passkeys and compare them with passwords. So without further ado, let’s dive in!

Passwords have been used for ages to verify a person’s identity. In ancient times it could have been a keyword to open a secret door. Remember the Bollywood movie where “khul ja simsim” was used to open the door of the treasure house.

In the digital era, they are used to log in to devices, applications or websites. But they always carry the risk of being hacked or cracked. To handle these vulnerabilities, security experts came up with requirements like complex passwords or frequent changes. This makes password management harder for users. We all have many accounts, and remembering each password can be quite the task! Yet, even after all these measures, passwords stay vulnerable. Here is a stat from the HYPR 2022 State of Passwordless Security Report: “89% of organizations experienced a phishing attack in the past year.” In short, the problems with passwords are:

  • Difficult to use and remember
  • Easy to phish and harvest
  • User frustration

A passkey is a replacement for a password. When users sign in to apps or websites, they can use their device’s biometric authentication, such as fingerprint or face recognition, or alternatively a PIN. It also meets the requirement for Multi-factor Authentication (MFA) in a single step: users don’t need to type a password and then enter an OTP to log in. Isn’t that convenient?

Passkeys use public key cryptography. If you’re unfamiliar with it, think of a lock that has two keys. A public key is used to lock things, and everyone can see it. A private key is known only to the valid user, and it unlocks the lock. Remember, these keys work in pairs: whatever is encrypted using the public key can only be decrypted by its matching private key, and no other key can unlock it. This is called asymmetric encryption because there are separate keys to lock and unlock.

When you register with an online service using a passkey, the public key is stored with the service, while your device keeps the private key. During authentication, the service sends a random challenge; your device signs it with the private key, and the service verifies the signature with the stored public key. To use the private key, you authenticate with your biometric or PIN. The private key never leaves your device, which is what makes passkeys so secure.

Key benefits of passkeys:

  • More secure: resistant to phishing, credential stuffing and more
  • User experience is smooth. You don’t need to remember complex passwords anymore 🙂
  • Once registered on one device, the user can use it on other devices without re-enrolling

| Parameter | Passkey | Password |
|---|---|---|
| Security | Very high (due to public-private key encryption; not stored or shared) | Moderate (can be weak or reused, prone to breaches) |
| Ease of use | Very convenient (no need to remember; use biometrics) | Hassle to remember and manage |
| Setup | Tied to a device’s biometric sensors or hardware security | Needs to be created manually |
| Adoption | New, but major companies are adopting it: Google, Apple, Microsoft, PayPal etc. | Established across all platforms and services |

To conclude, as the world moves towards a Passwordless future, passkeys are emerging as the key to better security and user experience. So, the next time Gmail prompts you to enroll a passkey, do it with confidence 🙂

That is all I wanted to cover in this post. I’ll be back with more tech bits soon. Until then, take care and stay safe!
