Passwords, passkeys and familiarity bias


As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.


Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a banking app — there was an implied emphasis on convenience rather than security.


Until very recently, hardly any of the services I’ve used communicated its benefits in terms of greater security. Plenty of services compel customers to reauthenticate with their password periodically to allow for continued logins using biometrics. This completely misses the point.


A vague sense of passkeys’ convenience being more relevant than their security is one thing. An impression that they’re actually less secure is another.


This recent LinkedIn poll by Auth0 compelled me, in part, to write this piece.



The fact that the extra security benefits come only third in the poll is striking. My colleague Jeff Crume has recorded two excellent videos on the topic here and