top of page

What You Need To Know About Passkeys for Security

Passkeys are emerging as a convenient and secure alternative to traditional passwords for logging into websites and services. Unlike passwords, passkeys eliminate the need for users to remember complex strings of characters and can be used seamlessly with devices like smartphones and laptops.

Leveraging the WebAuthentication or WebAuthn standard, passkeys utilize public-key cryptography to enhance account security. In addition to mitigating the risk of data breaches, passkeys provide an added layer of protection against phishing attacks. Unlike traditional credentials, passkeys consist of a private and public key, with the private key stored securely on the user's device, making it difficult for cybercriminals to steal. By adopting passkeys, individuals can bolster the security of their accounts and reduce the risks associated with password-based authentication. We sat down with Michael Crandell, CEO, Bitwarden, to learn more about passkeys and the level of security that they offer users:

Michael Crandell, CEO, Bitwarden

Are passkeys more secure than passwords and two-factor authentication (2FA)?

Yes. With passkeys, you can quickly create and sign into accounts - no password required - with a much stronger credential that is unique to every website or app you are using. Passkeys are easier to use and also protect against phishing attacks, so users can’t be tricked into giving their password or 2FA codes away to an attacker. Passkeys can have 2FA built-in, like requiring a pin code or biometric scan before they can be used.

Can you share passkeys similar to how passwords can be shared?

Yes. Passkeys will have similar functionality within your password manager as passwords do now. You’ll be able to share passkeys securely within your organization, team, or family.

What happens if you lose a device that has your passkey? The most recent approaches to passkeys enable them to sync across devices. Once a passkey is stored with a passkey provider, like your password manager, that passkey will remain synced across all your other devices, and you’ll have a copy in case you lose a device.

Are passwords and 2FA going away? Eventually, yes, but not for a long time. The transition from passwords to passkeys is beginning now, and we’ll all need to continue to utilize both as passkeys become more widespread.



bottom of page