09/01/24

Passkeys – for a more secure future in 2024

Security is everything when it comes to protecting your data, information and ultimately your business – so anything that will help you achieve this has to be a good thing.

Regular readers of our blogs will be aware of the importance we attach to security and how we are constantly highlighting the shortcomings of weak, ineffective passwords that are often the flimsiest of barriers between staying safe and being hacked.

A vital aid

The relatively new kid-on-the-block in IT terms is the growing use of passkeys in preference to passwords. They are a much more robust defence against attack, to the point where Google, Microsoft, EBay and Uber have all embraced the technology as a way of securing a safer future for themselves and their users. Apple, too, has said passkeys will be incorporated in the launch of their iOS 17, iPadOS 17 and macOS Sonoma.

Google recently announced they were ditching passwords, making passkeys the default option, and so attempting to guide users away from passwords altogether. It means that anyone signing in to Google-run services, including email and YouTube will now get a prompt to create a passkey in preference to a password – although, for now anyway, the user can continue with the password option if preferred.

Passkeys include such things as fingerprint and face recognition, ensuring greater security, automatically logging the user into an app or website, and works by creating a pair of keys – one private, stored on the device and the second public, stored on the cloud.

Better protection

This has the advantage of accounts remaining protected if a server is compromised because a hacker won’t have access to both sets of keys. Passkeys also have the edge over passwords because:

  • Very few users instal the added security of two-factor password authentication 
  • Most users rely on weak passwords
  • Most people use the same password across multiple devices and websites
  • Passkeys are phishing-resistant, whereas passwords are vulnerable to this form of attack
  • Passkeys remove the problem of remembering a number of different passwords or complex passwords containing symbols, characters and numbers

We welcome the fact that Google, along with others, are stepping up the drive to eradicate the use of passwords in preference for passkeys – a move we support wholeheartedly and something we already advocate to our clients as a more effective way of avoiding a breach of their IT security.

We are finding that it has a positive impact on the successful running of businesses and can only be beneficial in the ongoing fight to keep sensitive data and other information safe and secure.