SMARTPHONE owners are being urged to ditch passwords for something called “passkeys” instead.
If you’ve got an iPhone or an Android, you might want to switch as soon as possible – or risk a sinister cyberattack.
Passwords are dangerous – even if you’ve got a good one.
That’s the official advice from security experts who are urging people to try a new alternative called passkeys.
There are countless problems with passwords, starting with the fact that people often choose simple log-ins.
A password that is too short is easy to guess – or crack using criminal software.
And if you choose a long password, it’s hard to remember. That means people are tempted to re-use their passwords.
If a password is re-used then one break-in can let hackers into several of your accounts all at once.
And ultimately, even with a long, strong, and unique password, you could still be the victim of a hack or leak that lets crooks steal your passwords.
Once a criminal breaks into your accounts, they can wreak havoc.
They could steal your money directly, or take your info and sell it on.
Your information could also be used to defraud you, or your accounts could be hijacked and used to commit other crimes.
Enter passkeys, the new alternative to passwords.
A passkey is a key that lets you log into an account without a password.
It’s usually tied to some kind of authentication built into your phone, like Face ID on the iPhone.
The main perk is that passkeys are immune to phishing – a type of scam where crooks trick you into handing over sensitive data.
You can’t “hand over” your passkey like you could a password, even if you’re trying to sign in to a fraudulent website designed to steal your log-in info.
They’re easily stored in password managers, are designed to be extremely strong, and can’t unlike passwords, can’t be easily “cracked” or “guessed”.
“You can’t just give away your passkey to a cybercriminal as you can with a password, making passkeys the most secure way to sign in to your online accounts and applications,” explained Keeper Security’s Aranza Trevino.
Typically you’ll be given the option to create a passkey when signing up (or in) to an app or website that supports them.
For instance, try signing up to a website on iPhone.
As you go through the process, you should see an option to save a passkey to your account.
If it’s not there then the app or website doesn’t support the feature.
These passkeys that are created will be stored inside Settings > Passwords.
It’s possible to have both a passkey and a password saved for a single account.
Once that’s done, you can simply use the passkey to sign in when it appears as an option at log-in.
If you’re logging in on another device – like a PC – with an existing passkey then you’ll need your iPhone with you.
Just look for the option for “Passkey from nearby device” and you’ll be able to log in using a QR code.
Scan the QR code using your iPhone camera then your passkey can be used to complete the sign-in.
The problem is that not all websites and apps support passkeys.
Keeper Security is now maintaining a list of services that support passkeys, which you can find here.
You can check it to see which apps you already use support passkeys, so you can go in and set them up.
