What are password keys… and are they really better than passwords for keeping your money safe online?

Security experts are warning that passwords are ‘no longer fit for purpose’ – with password keys set to become the future of keeping your money and personal data safe online.

In 2024, having a strong password is like riding a bike. Almost everyone knows what to do to protect themselves online.

The problem is that all too often human nature wins. Why bother with ‘X*a$86&f’, when ‘password’ is so much easier to remember.

Worryingly, but not surprisingly, the most commonly used password is “123456,” according to password management company NordPass.

The basic advice on creating an uncrackable password is to opt for a random stream of numbers, uppercase letters, lowercase letters and symbols, making them difficult to remember.

Remembering passwords has been made easier with the advent of password managers, software that stores all your login details in one secure place.

But despite this, many still want a better solution as their lives are still plagued by frequent password resets.

Fortunately, there is a solution that is becoming increasingly popular. Passkeys provide an alternative login method that is not as easily compromised.

What is an access key?

Passwords are unique identifiers generated by a user’s device, such as a mobile phone, and associated with the website or application he or she chooses to log into.

They can let you log into an account by simply unlocking your phone, which has access to the passcode. According to proponents of the technology, they cannot be leaked, guessed or stolen.

Using fingerprint scanning or facial recognition verifies that you are in possession of your device and allows the access key to be used.

You don’t need to remember anything to use an access key, and because it is completely unique it can only be used for one account.

The invention of password keys attempts to address the problems with passwords that have led to decades of data breaches.

“Passwords are no longer fit for purpose: they are easily hacked and place too much of a burden on the end user,” said Simon McNally, cybersecurity expert at defense and security company Thales.

‘Our recent research found that 64 percent of customers are frustrated by cumbersome password resets, and with human error still the leading cause of data breaches, this should be a major concern for businesses too.

‘Developments in the field of AI and quantum computing, which will put a spotlight on how and what data is used, only make this more urgent.’

The idea, according to Google, is that passkeys will replace the need to remember long and complex passwords, as well as eliminate the need for ‘plaster’ developments such as two-factor authentication, security questions and SMS verification messages.

In 2022, Google, Microsoft and Apple jointly supported a new login standard, aiming for a ‘passwordless future’.

More recently, password keys have been adopted by companies such as PayPal, Ebay, Amazon and Shopify.

Password keys not only eliminate the need for long and complex passwords, they also provide better protection against fraudsters, hackers and data breaches.

McNally said: ‘Using cryptographic techniques makes password keys harder to crack, making them much more secure. They are also automatically generated and can be stored securely on devices, making it easier for consumers and eliminating the need to create long, complex passwords or phrases.

“Finally, passkeys provide greater privacy by enabling authentication without transferring sensitive information, reducing the risk of data breaches.”

How Widespread Are Password Keys?

Currently, passkeys are still in their infancy, at least relative to passwords. But there is a good chance that an increasing number of online platforms will adopt the technology, making the most of its cybersecurity benefits.

Matt Cooke, cybersecurity strategist at Proofpoint, said: ‘Recently, the use of passkeys has been widely considered more secure than passwords, eliminating the need to set unique, secure passwords and the hassle of remembering multiple login details for different online accounts.

‘However, the adoption of access keys will not happen overnight. The more sites that use it, the better (and safer!) it will be for all of us, but the devices we use to access it also need to start talking to each other to truly create a universal solution for everyone .’

Passwords generally rely on biometrics to confirm that the correct user has access to an account. As a result, devices that do not have access to fingerprint scanners or facial recognition may not support the technology.

Nevertheless, more and more mobile devices have this technology and older devices will gradually fall out of use. In the meantime, there’s still a long way to go before passkeys become widely used, let alone the only option available.

Unfortunately, there are many companies that have yet to embrace the key technology. However, for those who do, it’s easy enough to switch to this login method.

Simon McNally recommends checking your accounts with companies to see if passcodes are supported, while your devices may also have options to create a passcode.

Searching for this in your device’s settings will help you see if your device is supported.