Are passwords a thing of the past?

You may have noticed the way you log into some popular devices has changed over the last few years, with the introduction of passkeys as an option instead of the traditional password. What are passkeys and are they the way forward?

Passkeys are a way of logging in without passwords. They use something you have (like a USB key or your phone), or recognise who you are with your face scan, voice or fingerprint, to let you into your account. You may already be using one without having thought about it.

What does this mean for cyber security? Despite the uptake of passkeys, passwords remain the most popular tool for authentication. But scammers are always trying to get their hands on your passwords, and their jobs are made easier when you don't have strong passwords or use the same password for multiple accounts.

That’s where passkeys have an advantage. Passkeys are device-specific, and your data is not saved on a website server. So even if the website suffers a data breach, scammers can’t steal your credentials.

The upside of passkeys

  • Using passkeys can make logging in faster.

  • You don’t have to create, or remember, complex passwords.

  • Passkeys are also phishing-resistant – scammers cannot remotely log in to your account with a password because there is none.

The downside

  • If you lose access to all your devices at once, it can be difficult to enter your own account.

  • Biometric logins don’t always work and may need you to use your password. For example, when trying to use a finger scan with greasy or wet fingers, or a face scan in the dark.

  • Devices that read fingerprints or can recognise face scans can be more expensive. If you use an external key or a second device for authentication, that is an additional cost as well.

Does this mean passwords are a thing of the past? We’re not quite there yet. If done right, passwords can form a strong line of defence. If you use long and unique passwords, attackers can’t brute force their way into your account. CERT NZ strongly advises enabling two-factor or multi-factor authentication on your most important accounts, such as banking, email and social media, to make them more secure.

Use two-factor authentication to protect your accounts

Most sites and apps that let you use a passkey also require you to have a backup password that helps you recover your account. Not all devices can perform face or fingerprint scans, or take external keys, so passwords remain the most common method of verifying user identity. CERT NZ has a guide on creating good passwords and protecting your online accounts.

Create good passwords
