Passkeys: A Simpler, Safer Way to Sign In
Passkeys – A Simpler and Safer Way to Sign In
Sarah’s “Strong” Password Wasn’t Enough
Sarah considered herself pretty tech-savvy. She worked in marketing, leveraged numerous online design tools, and protected all her accounts with long, strong passwords. One morning, while checking her text messages over coffee, Sarah noticed an urgent text from her bank: “We’ve noticed suspicious activity on your account. Click here immediately to login and review your account.”
Concerned, she clicked on the link. The website looked just like her bank’s—same logo, same layout. Everything appeared legitimate. Worried about the security of her account, she typed in her login and password, but the website responded with an error. She tried several more times but could not log in. Just then, she got a pop-up alert reminding her she was late for a team meeting. “I can fix this later,” she thought, as she prepared to jump on the call.
Hours later, her phone buzzed: $2,000 withdrawn from your bank account. Her heart sank. She called her bank immediately. It turned out that the text message was a fake, something called a smishing scam. Similar to phishing but sent by text, the message led her to a fraudulent website designed to steal her login and password.
Even though her password was long and strong, it didn’t matter—she had handed it right over to the cybercriminal. The worst part? Because Sarah reused that same password across multiple accounts, attackers were able to try it on her shopping, streaming, and even email services. It was going to be a very long day.
Say Goodbye to Passwords: Say Hello to Passkeys
Are you tired of logging in with passwords, frustrated with juggling unique codes and apps to prove who you are? Meet Passkeys: a simpler, faster, and far more secure way to log into your accounts. Passkeys are both stronger and easier to use than traditional passwords—no typing required. All you need is yourself.
What Exactly is a Passkey?
A passkey is a secret cryptographic key pair created by your device, with part stored locally and part with the website. Each passkey is unique to the site you create it for. Once saved to your operating system, password manager, or browser, logging in becomes as simple as unlocking with biometrics—your fingerprint or facial recognition.
- No more remembering complex passwords.
- No more one-time codes sent to your phone.
- Your biometric data stays local and is never shared online.
Some websites may still ask for a password alongside your passkey, especially while adoption is growing. If so, continue to ensure every password you use is unique and strong. By adopting passkeys, you are simplifying your life while protecting against advanced cyber threats.
Guest Editor
Dr. Johannes Ullrich is the Dean of Research for the SANS Technology Institute. He founded and currently operates the SANS Internet Storm Center. A SANS Fellow, Dr. Ullrich teaches web application security (SEC522) and intrusion detection (SEC503). His daily podcast keeps security professionals up to date on the latest cybersecurity news.