Why Passkeys Are Better than Passwords (And How to Use Them)

No one likes passwords. Users find managing them annoying, and website managers worry about login credentials being stolen in a data breach. The industry has developed a better solution: passkeys.

Passwords versus Passkeys

Traditional multi-factor authentication involves three methods of authentication, at least two of which are required for protection. They include something you know (a password), something you have (usually a code from an authenticator app or text message), and something you are (biometric authentication). Most systems primarily use the first two, but that leaves room for attack because someone could acquire your password and an authentication code through nefarious means.

Passkeys change the model. Instead of how passwords and codes use words and numbers that can be copied and shared, passkeys are pairs of cryptographic keys: a public key and a private key. Websites keep the public key, and the private key is stored securely within a device or encrypted vault, such as in the Secure Enclave in Apple’s chips or a 1Password vault. Authenticating with a website requires providing the private key that matches the account’s public key, something that Apple users with modern devices can usually initiate with Touch ID or Face ID.

Instead of generating security with something you have and something you know, passkeys rely on possession (do you have the device?) and presence (are you physically in front of the device?). This approach is fundamentally more secure than passwords because the private key can’t be phished, copied, or used remotely, and you must be physically present to unlock your device. Nor can you be tricked into providing a passkey to a malicious website. (Neither approach protects against physical coercion.)

Where Can You Use Passkeys?

In practice, since you use passkeys primarily to sign into websites, passkeys are stored alongside account details in your password manager. For Apple users, Safari (in iOS 16 or macOS 13 Ventura and later) with Apple’s Passwords app provides the most integrated passkey experience. However, most independent password managers, such as 1Password, Bitwarden, and Dashlane, also enable you to store, share, and enter passkeys and can take over for or work alongside Apple’s Passwords. They provide consistent passkey functionality across all major Web browsers, although experiences may vary slightly due to differences in how they handle authentication prompts and platform integration.

You’ll also find robust support in the Password Manager built into Google Chrome and other Chromium-based browsers, including Arc, Brave, Edge, Opera, and Vivaldi. Firefox’s native passkey support is more limited, but third-party password managers work well with Firefox. 

Although website support for passkeys was initially slow, an increasing number of sites now support them. That includes the big three of Apple, Google, and Microsoft, of course, as well as Amazon, Best Buy, Discord, eBay, GitHub, Intuit, Netflix, Notion, PayPal, Robinhood, Stripe, Target, Walmart, and WhatsApp.

Setting Up Passkeys

The process of setting up passkeys varies a little by website, but is generally remarkably easy. You may be prompted to create a passkey while signing in, or you may need to navigate to the security options associated with your account.

Google offers both approaches. Setting up a passkey for a Google Account can be as simple as agreeing to do so while logging in. If you’re already logged in, Google’s Passkeys and security keys page lets you make one. Once you click Create a Passkey, you’ll be prompted to save it in either Apple’s Passwords or another password manager like 1Password. That’s it.

Note that if you use both Passwords and another password manager, you can save the passkey in only one, and only that one can use it to sign in later. However, most sites that support passkeys let you add multiple passkeys, so you could save separate passkeys in different password managers.

Signing in with Passkeys

Similarly, using a passkey to sign in is trivially simple. You navigate to the website’s login page, enter your username, choose the passkey sign-in option if necessary, and then authenticate.

Exactly how you authenticate depends on the device you’re using and your password manager. On the Mac, Passwords will ask you to use Touch ID if available (above) or a dialog otherwise (below, left). 1Password, once unlocked for the session, presents a dialog with a Sign In button (below right).

On the iPhone and iPad, an authentication dialog appears at the bottom of the screen asking if you want to sign in with your passkey. Tap Continue and authenticate with Face ID or Touch ID (with a fallback to your passcode if necessary).

Unsurprisingly, Apple makes it particularly easy to sign in to Apple websites like iCloud.com using a passkey. As soon as you navigate to such a site in Safari, the device prompts you to sign in using your current Apple Account username and an implicit passkey.

When using other browsers or another Mac that lacks access to your passkey, selecting the passkey sign-in option displays a QR code that you need to scan with an iPhone or iPad that has the passkey stored on it.

Managing and Sharing Passkeys

As noted, passkeys are stored in accounts managed by a password manager. In fact, passkeys are currently stored alongside passwords in each account. There’s nothing to see or edit, although you can delete passkeys like any other data. Although deleting the passkey on your device guarantees that it can’t be used to sign in again, it’s best to also delete the passkey at the website where you created it to avoid confusion.

Passkeys are automatically synced among all your devices by the password manager so you can take advantage of them everywhere, but note that syncing is specific to just one password manager—for instance, iCloud Keychain doesn’t sync with 1Password or other third-party managers. The authentication method varies by device, but the overall experience remains the same. 

You can also share passkeys with other people in your family or workgroup, just as you would with password-only accounts. They can log in to your passkey-protected accounts because they can prove possession (they have the passkey) and presence (they’re authenticating). In essence, you’re saying, “This person is authorized to act as the account holder.”

Passkey Concerns

Although passkeys are a big step forward in usability and security compared to passwords, they’re not without limitations or concerns, which have slowed adoption:

  • Account recoverability: Because passkeys are tied to devices, if a user loses all their devices and doesn’t have a cloud backup option (such as registering a new iPhone to an existing Apple Account or adding a new device to a 1Password account), it’s impossible to recover an account. This is primarily a concern for those who have only a single device and no one with whom to share.
  • Sharing hurdles: If you want to give someone else passkey access to an account—perhaps a shared bank account—you must log in on their device and then create an additional passkey that is stored on their device. 
  • Lack of portability: Although passkeys can be synced between devices using the same platform (iCloud Keychain, 1Password account, etc.), there’s no way to export a passkey from one platform and import it into another. You have to recreate passkeys from scratch for each platform. Vendors are working on the problem, but as you can imagine, enabling export/import opens up security concerns. 
  • User confusion: People are, understandably, still unfamiliar with passkeys, leading many to avoid them on principle. It hasn’t helped that using passkeys is slightly different on every website. The industry is working to standardize the user experience, but we’re not there yet.
  • Passwords still exist: No major websites allow passkey-only accounts. Since all accounts still have passwords that can be stolen, passkeys aren’t increasing security nearly as much as they could.
  • Enterprise support: Large organizations want to know if a passkey was generated on a secure device, if it can be revoked or rotated, and if the user employing the passkey has truly been verified. Support for these requirements is still evolving.
  • Digital inheritance: When passkey-only accounts become commonplace in the future, passkeys may be more challenging to manage in situations involving the user’s death. For now, the solution is to share passkey-protected accounts with family members in advance using a password manager. The industry would do well to establish standards around this inevitability.

Nonetheless, the perfect shouldn’t be the enemy of the good. Passkeys improve on passwords in both usability and security, and the best way to get to an easier, more secure future is to start using passkeys wherever possible today.

(Featured image by iStock.com/tanit boonruen)

Social Media: Passkeys are finally gaining mainstream traction, with support from Apple, Google, Microsoft, and numerous major websites. Find out why they’re more secure than passwords and how to start using them.

Similar Posts

  • Hey Dora, Follow Orders!

    Last week we talked about how to activate and use dictation to write emails and documents but there is a lot more that you can do. I keep thinking about Scotty from Star Trek when he went back in time and was “**confronted with a Mac Plus**”:https://youtu.be/LkqiDu1BQXY?t=1m8s. He picked up the mouse as natural as can be and said “computer…”. That time is coming and Dictation Commands are already built into your operating system.

    Once you have dictation activated you can activate dictation commands by going to the Accessibility system preference.

    * Choose Accessibility from System Preferences.

    * Choose Dictation from the list on the left side of the Accessibility pane.

    * Click the Dictation Commands button. You can see a list of available commands in the Dictation Commands sheet.

    * A starting set of commands are enabled by default. Additional speakable items like “Open document” and “Click item” are available by enabling advanced commands using these next steps:

    * Select (check) the option to “Enable advanced commands” in the Dictation Commands sheet that appears.

    * Click Done.

    p{text-align: center;}. !http://blog.smalldog.com/images/4710.png!

    After you have enabled advanced commands, you can also create your own commands by clicking the Add Command (+) button. This lets you link a spoken phrase to an app, a menu item, a keyboard shortcut, or an Automator workflow.

    You have enabled Dictation Commands and now you can speak any of the items in this list to perform the related action. Press the Fn key twice, then say a command to make it happen, such as “Search Spotlight for the Cubs score” or “select sentence” or “new document”. Give it a try and pretty soon you will be just like Scotty and the Mac Plus.

    As a shortcut, you can speak the command “Show commands” to see a list of the commands you can say.

  • _Dear Friends,_

    I am off to Daytona for the 75th Bike Week. We went out to the 75th anniversary of the Sturgis Bike Week so it is only appropriate for us to hit the one sort of in our neighborhood, too. We will be riding on our 2003 Victory motorcycles and trying to avoid any big roads.

    Sugaring season in Vermont is well underway and this time of the year in Vermont always reminds me when we used to sugar the old-fashioned way. Now it is mostly pipelines and big sugaring operations but back when we lived in North Wolcott, Vermont I had a big work horse. The horse was kind of untrained but hitching her to the sled with the big heavy sap gathering tank made her behave. We would tap the trees by hand, hang buckets and as the sap began to flow we would tramp through the deep snow to empty the buckets into the tank. One horsepower was a lot of power as the horse would make her way through the sugar maples and the tank got full. We would take it to our makeshift sugaring arch and boil the sap into yummy syrup. Some of the best times! I still prefer the “grade b” syrup over fancy grade.

    This week’s Kibbles & Bytes exclusive brings back the “**Chill Pill six-pack special.**”:http://www.smalldog.com/wag900002006/ These little portable speakers have been around for a long time and I need to reduce our inventory. So, you can get 2 Black, 2 Red and 2 White Chill Pill speakers for only $29 this week. They make great gifts and are great for camping or just hanging out in the yard. Normally, they are $9.99 each but this week 6 for “**$29!**”:http://www.smalldog.com/wag900002006/

  • _Dear Friends_,

    I am in Las Vegas at the Consumer Electronics Show and it is bigger than ever. My Apple watch is happy with all the walking I am doing but my feet are not feeling the love. The show is a great way to see what is on the horizon and of course, I had meetings interspersed with walking the show floor. Naturally, the meetings were far apart so I spent a lot of time walking or on buses or cabs.

    This show is pretty different from previous years but still is window to future products. See my short report below and I will follow up next week in Kibbles with a more in-depth look. This week’s kibbles exclusive special is a “refurbished 13-inch MacBook Air with a 512GB hard drive bundled with Applecare and a 2TB Time Capsule for $1759.99”:http://www.smalldog.com/wag900002113/special-save-150-on-refurbished-mac-bundle-and-keep-it-safe The MacBook Air is one of my most favorite laptops and this refurbished bundle is a great way to upgrade your mac and ensure your data is secure for the new year!

  • Back up for the Holidays

    The Holidays are here and I am sure many of your are busy making memories, thinking about others and capturing as many picture-perfect moments that you can. While you’re busy bustling around, are you taking the time to think about these memories? What would happen if you couldn’t go back and look up those moments? Perhaps now is the time to think about a gift for yourself and taking the time to ensure that all of the perfect moments you are capturing on video and in pictures are being safely stored on your computer.

    I know we talk about this all the time, but it’s surprising how many of us out there keep putting this important step of backing up to the side! The Holidays are the time with some of the best memories, and so many of us are capturing once in a lifetime moments. The last thing anyone wants is to have something happen to those photos. There are so many options for backing up your computer and your important files it can be a little overwhelming. There is iCloud, cloud-based storage solutions from countless companies, traditional external hard drives for back up and more! My preferred backup solutions are a combination of cloud backup and physical hard drives. It might seem a little redundant, but better to be safe than sorry when it comes to important documents and memories.

    For me, iCloud and an external hard drive are my preferred options for backing up. I use my iCloud account to keep my daily life in order, contacts and calendars most importantly. I also use iCloud for storing some of my most important memories and files, select baby photos of my kids and some important documents. The kind of things that should the worst case happen and I lost my computer or drives due to theft or fire I still have copies in the cloud. My preference for my backups is using Time Machine and my “**Seagate**”:http://www.smalldog.com/product/85305/seagate-backup-plus-slim-portable-drive-usb-3-0-2tb-blue hard drives. I keep a different drive for each of my computers and perform fairly regular backups, I am not perfect, so sometimes they are not as regular as I would like. But utilizing these drives allows me to ensure that I have entire backups of my files and data readily available. Before I started to use iCloud I would also have back ups drives of my Time Machine back up, yes, I was and am that paranoid about loosing photos of my kids. I still have a small 20gb drive that contains my oldest daughter’s first year of photos, even though I know all the photos are on my computer and backed up I still won’t delete that drive.

    In the last year we have seen a rise in alternative cloud storage and mobile storage solutions. Many companies like “*Seagate*”:http://www.smalldog.com/category/?mmfg%5B0%5D=Seagate and “*LaCie*”:http://www.smalldog.com/category/?mmfg%5B0%5D=LaCie have portable drives that allow users to access information wirelessly while on the go. This is a great solution for families with large media libraries for movies. The “**Lacie Fuel**”:http://www.smalldog.com/product/85520/lacie-fuel-wireless-battery-powered-mobile-hd-wifi-usb-3-0-1tb is great for just this. Have a long road trip? Load up the drive and the family can access the files from their iPhones or iPads quickly and easily without taking up storage on their devices. Another and perhaps more practical solution is the “**Seagate Personal Cloud**”:http://www.smalldog.com/wag900002041/mac-the-halls-save-20-on-seagate-personal-cloud-home-media-storage-3tb. This drive allows you to back up everything on your computer and access it from anywhere! No need to carry that back up drive along with you, and with tons of storage options little worry about not having enough space. So this holiday season remember, backing up is just as important as capturing those memories.