Passkeys, FIDO & The Mission To Abolish Passwords

By admin

After passkeys gained media prominence in 2022, big tech names like Apple and Google made efforts to expand passkey support for users. You may not have heard about it, but there is a battle for the future of online security happening right now, and it hinges on abolishing the password.

Passkeys & Their Benefits

Passkeys are being hailed as the password killer because they could lead to a more secure internet if widely implemented. They make authentication easier for people and businesses, eliminating the need to juggle many passwords. They work by using a unique digital key that gets stored on a device instead of a server somewhere, and they are validated by biometric data such as a fingerprint, iris scan, or full face scan.

If a website requires an account with a passkey, that passkey will never be exposed. This is ideal for financial services and paid entertainment. Popular iGaming sites are a good example that stands to benefit from passkey adoption since they don’t need to store the passwords of their many users, cutting down on operating costs. Users then only need one passkey to play slots for real money and get the bonuses that these websites offer. Successful online casinos are triply certified by authorities, payment processors, and the wider internet infrastructure through SSL certification, making them an ideal use-case for passkeys.

Another is online banking, where passkeys can provide a unique, cryptographically secure form of authentication. Put simply, passkeys make it so we can stop memorizing a dozen passwords for services. Companies and websites don’t need to store passwords, so no password data can be taken by bad actors. This would make doing business online more convenient and cost-effective than ever before, for all parties involved.

The FIDO Alliance & Why It’s Needed

In pursuing passkey adoption and other authentication methods, tech giants are working with the FIDO (Fast ID Online) Alliance. This is an association dedicated to improving interoperability, the main problem when trying to advance past passwords as a security measure. All our hardware and software need to be on the same page as we adopt standardized password replacements. A passkey won’t be more useful than a password if many devices don’t support passkeys, while passwords are still used everywhere.

FIDO has championed the introduction of biometrics into authentication since biometric traits are hard to replicate. Hard but not impossible, as voice scanning authentication has recently taken a hit from voice cloning AI, as reported by Vice. That’s why the alliance has landed on passkeys as a solution, combining biometric validation with a device-centric, locally stored digital credential that interacts with a service’s corresponding key. When all that falls into place, you’re in, and it’s currently the most secure form of authentication we have.
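
The flow described above, as an added example (not code from this article or from the FIDO Alliance): a device-held private key signs a one-time challenge, and the service checks the signature with the public key it stored at sign-up. It is a simplification of the real WebAuthn exchange; the `Device` and `Service` classes, `bank.example`, `alice` and the `userVerified` flag are assumptions made for illustration.

```javascript
// Added example: simplified passkey-style login, not the real WebAuthn wire format.
const nodeCrypto = require('crypto');

// Device side: the private key is generated here and never leaves.
class Device {
  constructor() { this.keys = new Map(); } // site name -> private key
  register(site) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(site, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is shared
  }
  // userVerified stands in for the local fingerprint or face check (assumption).
  sign(site, challenge, userVerified) {
    if (!userVerified) throw new Error('user verification failed');
    const key = this.keys.get(site);
    if (!key) throw new Error('no passkey for ' + site);
    return nodeCrypto.sign('sha256', Buffer.concat([Buffer.from(site), challenge]), key);
  }
}

// Service side: stores public keys and one-time challenges, no passwords or private keys.
class Service {
  constructor(site) { this.site = site; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  challenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user), pem = this.users.get(user);
    this.pending.delete(user); // each challenge is single use
    if (!c || !pem) return false;
    const signed = Buffer.concat([Buffer.from(this.site), c]);
    return nodeCrypto.verify('sha256', signed, pem, signature);
  }
}

function demo() {
  const device = new Device(), bank = new Service('bank.example'); // constructed names
  bank.enroll('alice', device.register('bank.example'));
  const sig = device.sign('bank.example', bank.challenge('alice'), true);
  const first = bank.verify('alice', sig);  // signature over the fresh challenge
  bank.challenge('alice');
  const replay = bank.verify('alice', sig); // same signature against a new challenge
  const leaked = bank.users.get('alice').includes('PRIVATE KEY');
  return { first, replay, leaked };
}
console.log(demo());
```

A captured signature is useless for a later login because the service issues a new random challenge each time, and a copy of the service's user table contains only public keys.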

Passwords & AES-256 Encryption

On the other side of this battle are passwords and their proponents. We’re well-acquainted with passwords at this point – we all have one (or ten). The first concern raised about passkeys is data centralization: we don’t want one provider to become the sole generator of passkeys. This was perceived as a problem for passwords back in the day, so it’s natural that it would apply to passkeys too. Natural competition in the open market should stamp this problem out.

Then there is AES-256 encryption, an alternative that works well when paired with a password manager. Assuming it uses AES-256 encryption, a password manager protected by a very good user-generated master password solves most of the password issues that passkeys solve, all while avoiding adoption complications. PC Magazine has compared passkeys and password managers.

Overall, passkeys certainly put a stop to some of the bad practices that come with passwords, from user error to burdening companies with password data. With Google, Apple, and other industry leaders pushing for them, passkeys will become one of the viable authentication strategies for online services in the future. They may kill passwords but not the password manager, which already solves these concerns for businesses that must juggle a lot of passwords.
