As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them?
A passkey is a digital credential that can only be used by the authorized user. This commonly requires unlocking a device with a biometric marker (such as facial or fingerprint scan) or a unique factor (e.g., a PIN). Essentially, if your device asks for your fingerprint or face scan to “sign in” with Google, Apple, or a social media site, it’s likely to soon ask you to activate a passkey.
Passkeys use was fast-tracked last year when tech giants like Apple, Google and Microsoft announced support for them in their products. Apple made passkeys automatic in its latest iOS releases, Microsoft expanded passkey use in Windows 11, and Google has enabled them in Chrome and Android devices, which has extended them to services such as DocuSign and PayPal. In October 2023, Google started offering passkeys as the default method for users signing into their accounts.
The evolution of passkeys
But, when it comes to passkeys, the devil is in the details. That’s because the term has come to mean different things to different people. Consider Fast Identity Online (FIDO), the open-source authentication standard that provides a way to bind an identity to a device and enable passwordless authentication. FIDO passwordless credentials are often confused with passkeys, and even the FIDO Alliance embraces the term “passkey” to describe FIDO passwordless credentials since the term has gained so much traction.
But FIDO is a single-touch passkeys changing authentication
