If you’re sick and tired of managing passwords (see our article Take the Time to Do the Right Thing), take a new look at using passkeys and forget about the hassle. A passkey is a pair of cryptography keys generated by your device. A public key and a private key combine to create a passkey that unlocks your account. They may take some getting used to, but the security boost will be well worth the effort.

Microsoft is encouraging everyone to use a passkey when they sign up for a new account, and they’re moving away from the default of passwords for all new accounts allowing you to ditch them altogether. Just as a related side note, when you create a Microsoft account, do not create a local passkey. It will only work on the device you used to create the account, and that will defeat the purpose of being able to sign in from anywhere on any device.

A passkey is a pair of cryptography keys generated by your device. A public key and a private key combine to create a passkey that unlocks your account. If you remember going to your safe deposit box at the bank, you had one key in your possession, and you got a key from the bank for your visit. This is an electronic variation of the theme.

Microsoft introduced passkey support across most of its consumer apps a year ago, eliminating the need for two-factor authentication (2FA) or passwords. Now, it’s encouraging all new signs up to use passkeys as it removes passwords as the default. Websites are increasingly allowing you to passkeys for secure access.

Passkeys and password managers are able to work together for the most part. Usually, the device or software generating the passkeys uses a biometric authentication tool, such as FaceID or TouchID, to authenticate your identity. If your password manager is the passkey source, you can log in with your master password. Passkeys are unique to each app or website and stored in a password manager’s vault or your device’s keychain. Passkeys can also sync across devices, making them a convenient choice.

There are some holes in the passkey strategy that you should be aware of. The websites themselves can be the source of weakness in the security chain. Security experts say criminals can easily get around a passkey by stealing users’ validated browser cookies using malware.

While that puts an onus on the websites  to tighten up their operations, you can help protect yourself better. For example, don’t just accept the website’s data privacy settings when a box pops up on a website. Instead, navigate to the “Cookies” or “User Data” sections and choose the shortest available session duration. That way your cookies will expire automatically or whenever you close your browser window. You can also turn off various marketing and targeting cookies.

Again, passkeys take time to set up, and there’s a learning curve to using them effectively. We believe it’s well worth your time to start using them. Call us – 973-433-6676 – or email us to learn more about passkeys – and how they work with password managers. We can help you select and configure passkeys and password managers together and move you up to the next level of online security.