"What Are Passkeys? A Cybersecurity Researcher Explains How You Can Use Your Phone to Make Passwords a Thing of the Past"
Passwords may soon become obsolete. However, the need for authentication and secure website access remains as strong as ever. Passkeys are digital credentials that are stored on a user's mobile device or computer. They are similar to actual keys. Access to a passkey is gained by logging into a device with a Personal Identification Number (PIN), a swipe pattern, or biometrics such as fingerprint or facial recognition. A user configures their online accounts to trust their computer or phone. In order to access accounts, a hacker would need physical access to the user's device and the ability to login in. Sayonnha Mandal, lecturer in interdisciplinary informatics and cybersecurity researcher at the University of Nebraska, believes that passkeys provide quicker, simpler, and more secure sign-ins and reduce human error in password security and authorization procedures. Passkeys eliminate the need to remember passwords and eliminate the need for two-factor authentication (2FA). Passkeys are created through public-key cryptography. They use a public-private key pair to guarantee a mathematically protected private relationship between the user's device and the online account being accessed. Since it would be almost impossible for a hacker to guess the passkey, the device from which the passkey is accessed must be physically at hand. This article continues to discuss Mandal's insights on how passkeys work and why they matter.