What Are Passkeys? Will They Truly Replace Passwords?

The web constantly changes, but some things manage to stay the same for a long time, like passwords, which have always been essential for any website with login functionality. This changes now thanks to the FIDO Alliance and the WWW Consortium, who, in tandem with the biggest tech firms in the world, have developed a new passwordless way of logging in. So what are Passkeys?

What are Passkeys? Will they truly replace passwords?

First of all, let’s start with the basics: the new WebAuthn standard allows users to completely ditch passwords in favor of a new type of authentification based on biometric data. And Passkey is just Apple’s name for it. If you’re an Apple user, you can make use of the WebAuthn standard thanks to Touch ID, Face ID, or PIN on your device.

Not every website supports the new standard, and it’s your task as a web developer to make use of it. It’s not widespread yet, but that’ll change rapidly.

Passkeys are kept in your Keychain and, thanks to iCloud, immediately shared across all devices.

But why is this technology better? Well, it’s simple: Passkeys allow us to make every single account more protected. Passwords are easy to steal or hack, but Passkeys are unique. There’s always one private key on your device and one public one in the cloud. Even if one of the keys gets leaked, the hacker needs both of them to succeed.

The new WebAuthn standard is fascinating, and we can’t wait until more websites support it. For now, it’s still in the initial phase. And Passkeys will work only on Macs, iPhones, and iPads for now; every other device will ask you to scan a QR code.