“Every year World Password Day comes around, and every year we see the same advice about the need for strong passwords issued. The advice simply isn’t working. Passwords are no longer fit for purpose – they’re easily hacked and put too much onus on the end-user. Our recent Digital Trust Index research found that 64% of customers are frustrated with cumbersome password resets, and with human error still the leading cause of data breaches this should be a leading concern for businesses too. Developments in AI and quantum computing, which will put how and what data is used firmly in the spotlight, only further make this a pressing need.
“If we need an awareness day, it’s time to re-brand and highlight the importance of passkeys. Using cryptographic techniques, passkeys are harder to crack – making them far more secure. They’re also automatically generated and can be safely stored on devices, making it easier for the consumer and eliminating the need to create long, complex passwords or phrases. Finally, passkeys enable greater privacy by granting authentication without handing over sensitive information – reducing the risk of data breaches.
“We’re already seeing great strides in this area, with Google last year announcing that passkeys are now enabled by default for users, with Amazon and Apple adopting too. This is the type of development that needs to be promoted, which is why we strongly believe World Password Day should be consigned to the history books.”
What’s the problem with passwords?
Do you get frustrated at having to create, and remember, long complex passwords? If the answer is yes then you’re not alone. Thales’ Digital Trust Index found that password resets are a top frustration for 64% of the public. They’re not just inconvenient, but a security risk too with traditional passwords easily hacked or stolen.
What is a passkey?
A passkey is a new kind of digital key that aims to replace passwords entirely. Unlike a password, which is a secret phrase or code that you remember and type in, a passkey is a unique digital credential that is stored on your device.
How do passkeys differ from passwords?
Passwords rely on something you know (such as a set of characters or a phrase). These can easily be guessed or stolen, and in many cases used for multiple logins. On the other hand, passkeys involve something you ‘have’ (a digital key or credential), and something you ‘are’ (usually a face ID or fingerprint). These are harder for hackers to steal, and are unique for each site – so even if one became compromised, it won’t jeopardise your other accounts.
What can I do?
This World Password Day is a perfect opportunity to implement passkeys where you can, with many companies have started to make them the default. The steps to get started with passkeys will depend on the accounts you have and the sites you use, but broadly speaking:
- Check your accounts: Companies such as Google, Apple and Amazon, Sony, and Nintendo have started supporting passkeys with their software and services, making it easy to switch.
- Set up passkeys on your devices: Whether it’s your phone, tablet or computer go to the security settings and search for an option to create a passkey. Depending on your device this could be in security settings or sign-in options.
Set up an authentication method: If your device or OS supports this, then you’ll need to set up an authentication method. This could be a fingerprint or a facial ID.