SoundAuth

Why are Passkeys the new Standard for login?

Why are Passkeys the new Standard for login?
On 5th May 2022, which was also World Password Day, FIDO Alliance-an open standards organization founded in 2012 to solve password and phishing problems, made an announcement that may change our login experience completely in the near future. They publicly announced that soon we will be getting rid of passwords forever and the world will move towards a new passwordless method based on their FIDO Login standard. This announcement was important because their alliance members Microsoft, Google and Apple respectively also announced publicly that they will drive the adoption of the FIDO Passwordless login standard which is also now popularly known as ‘Passkeys’.

If you have seen the clips of WWDC2022 (Apple WorldWide Developer Conference),  they also talked about Passkeys and illustrated its capabilities. By going a little deep down in Passkeys, anybody can easily predict that this is completely going to replace the conventional login methods within the next 2-3 years. 

FIDO Alliance defines Passkeys as a password replacement that provides faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Technology giants such as Apple, Google and Microsoft have worked together as part of the FIDO Alliance to develop the Passkey standard. They made sure to make Passkeys highly secure, cross-platform and user-friendly. 

Why will Passkey be massively adopted?

Passkeys use public key cryptography. Public key cryptography reduces the threat of potential data breaches. When a user creates a passkey with a site or application, this generates a public-private key pair on the user's device. Only the public key is stored by the site, but this alone is useless to an attacker. An attacker cannot derive the user's private key from the data stored on the server, which is required to complete authentication.

But enhanced security may not be enough for wider adoption! What about the user experience? Will Passkey make the user experience more cumbersome like multi-factor authentication?

The best part of Passkey implementation is that it is not going to change user behaviour much. Setting the passkey the first time for your account and then logging in with that method is going to be a familiar experience. A passkey can replace a password and a second factor in a single step. The user experience can be as simple as autofilling a password form.

That adds a great advantage because that will drive user adoption in no time.

FIDO Alliance has dedicated several years towards the formulation of a passwordless authentication protocol that is highly secure and user-friendly and that’s how Passkey has come to reality.  However, there was one significant challenge remaining - smooth and secure synchronization of passkeys and interoperability among devices and operating systems. For wider adoption, it becomes important that a user can sign into services on any device using a passkey, regardless of where the passkey is stored. And that’s where Microsoft, Google and Apple showed commitment to bringing a standard protocol to make sure to cover scenarios like a passkey created on a mobile phone, which can be used to sign in to a website on a separate laptop.

This is one of the rare moments when these big companies came in unison to develop something that will work beyond their ecosystem of devices and applications and work across platforms. This itself shows the commitment of the entire technology industry to boost Passkey as a true replacement for passwords.

How is the journey so far for Passkeys?

In the recently concluded conference, Authenticate 2022 in October, we saw companies like Paypal and eBay have adopted Passkeys and raved about it. 

By seeing commitment from companies and the developer communities, it is predicted that in 2023, greater than 80% of devices will be ready to adopt Passkeys. 

So, we come down to the biggest question- Is your company ready to fly on Passkeys and reap its benefits? Please comment and let us know your thoughts. If you are curious to know how Trillbit through its product SoundAuth is helping companies to implement Passkeys quickly and saving them tons of money, please contact us at contact@trillbit.com.