What Are Passkeys and How Are They Changing Online Security?

A growing number of technology companies are promoting passkeys as a secure and convenient replacement for traditional passwords. The system aims to reduce reliance on memorized credentials but raises questions about compatibility, security, and accessibility across platforms.

Passkeys operate through a pair of cryptographic keys: a private key stored securely on a user’s device and a corresponding public key stored by the website or application. When a user attempts to log in, the website checks, through a cryptographic challenge and response, that the device holds the matching private key. Access is granted after user authorization, which may involve a PIN, password, or biometric method such as a face or fingerprint scan.

Cross-Platform Limitations

Passkeys function most efficiently within a single company’s ecosystem. Apple’s iCloud Keychain synchronizes passkeys across Macs, iPhones, iPads, Apple TV, and Vision Pro devices. It also works with Safari and most other browsers on Apple devices. However, it does not support Android or Windows platforms.

Google Password Manager provides cross-device access within its own ecosystem, including Android phones, tablets, Chromebooks, and Chrome browsers on both Windows and Mac computers. Users can also enable it on Apple’s mobile devices but not on Mac computers. Third-party password managers, including Bitwarden, 1Password, and Dashlane, offer broader platform support, though some require paid subscriptions. Bitwarden provides free passkey support, while 1Password costs $35.88 annually and Dashlane $59.99 annually.

Transfer and Management Issues

Unlike traditional passwords, passkeys cannot currently be transferred between different password managers. This creates difficulties for users who switch platforms or tools. To address this, the FIDO Alliance is developing an interoperable standard called Credential Exchange. Apple plans to integrate the technology into its upcoming operating systems, expected in September.

Software Requirements

Passkey functionality depends on updated operating systems. Google Password Manager requires Android 9 or later. Apple’s Passwords app requires iOS or iPadOS 16 and macOS 13 Ventura or newer. Third-party apps such as 1Password require Android 14, iOS 17, macOS 12 Monterey, or Windows 11. Updated browsers are also necessary for optimal performance.

Setup and Use

For supported websites or apps, enabling a passkey can be straightforward, often involving a few prompts during account setup. In some cases, users may need to enable the feature through security settings. Listings of compatible sites are available from providers such as 1Password, Bitwarden, Dashlane, and the FIDO Alliance.

Multiple Passkeys and Account Sharing

Most services allow users to create multiple passkeys for a single account, which helps with cross-platform use. For example, a Mac may store one passkey in Apple Passwords, while an Android phone may hold another in Google Password Manager. Major platforms supporting multiple passkeys include Amazon, eBay, Google, LinkedIn, Microsoft, Walmart, X, Yahoo, and YouTube. Facebook is gradually rolling out passkey support and currently allows only one per account.

Some providers enable passkey sharing. Apple users can share passkeys through AirDrop or via groups in the Apple Passwords app. Bitwarden and 1Password also offer sharing features. Google has not yet introduced passkey sharing.

Device Loss and Recovery

Losing a device containing passkeys poses risks similar to losing sensitive data. Experts recommend syncing passkeys with cloud services, enabling strong passcodes, and activating features such as remote wipe and device tracking. Users should also consider biometric authentication and recovery codes for regaining access. Apple, Google, and third-party managers provide varying recovery methods, including backup codes and multi-device access.

Adoption Levels

Despite industry promotion, passkey adoption remains limited. According to data from 1Password, Bitwarden, Dashlane, and the FIDO Alliance, only 329 websites currently support passkeys. Of the 100 most-visited U.S. sites, 31 allow their use, including Amazon, TikTok, Best Buy, CVS, Target, and Wells Fargo. Amazon supports passkeys across services such as Amazon Shopping, Audible, and Kindle apps.

Technical Process

A passkey consists of a private key and a corresponding public key. During login, the website generates a random string of data, known as a challenge. The user’s device signs it with the private key and returns the result. The website validates this response against the stored public key without ever accessing the private key. Because the private key is never sent to the website, the website stores no secret that could be reused to log in. Biometric or PIN authentication often initiates the login process, ensuring that only authorized individuals can use the passkey.
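
The challenge-response exchange described here and in the opening overview, sketched in Node.js as an added example (not code from the article or from any passkey provider). It is a simplified model rather than the WebAuthn message format; the function names and the `shop.example` origins are made up for illustration, and binding the signature to the site origin goes beyond what the article describes.

```javascript
// Simplified passkey-style login: a signed challenge, not the real WebAuthn format.
const nodeCrypto = require('node:crypto');

// Bytes the device signs: the site origin it is talking to, then the site's challenge.
function signedData(origin, challenge) {
  return Buffer.concat([Buffer.from(origin + '\n', 'utf8'), challenge]);
}

// Device side: the key pair is made at registration; the private key stays in this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }), // sent to the site
    respond: (origin, challenge) => nodeCrypto.sign('sha256', signedData(origin, challenge), privateKey),
  };
}

// Website side: holds only the public key and issues single-use random challenges.
function createWebsite(origin, publicKeyPem) {
  const pending = new Set(); // outstanding challenges, hex-encoded
  return {
    newChallenge() {
      const challenge = nodeCrypto.randomBytes(32);
      pending.add(challenge.toString('hex'));
      return challenge;
    },
    verify(challenge, signature) {
      // Each challenge is accepted once, so a captured response cannot be replayed.
      if (!pending.delete(challenge.toString('hex'))) return false;
      return nodeCrypto.verify('sha256', signedData(origin, challenge), publicKeyPem, signature);
    },
  };
}

// Constructed scenario (hypothetical origins): one login and four responses that must fail.
function demo() {
  const origin = 'https://shop.example';
  const device = createAuthenticator();
  const site = createWebsite(origin, device.publicKeyPem);
  const c1 = site.newChallenge();
  const r1 = device.respond(origin, c1);
  const [c2, c3, c4] = [site.newChallenge(), site.newChallenge(), site.newChallenge()];
  return {
    login: site.verify(c1, r1),        // fresh challenge, registered key
    replay: site.verify(c1, r1),       // same challenge presented twice
    stale: site.verify(c2, r1),        // old response against a new challenge
    otherKey: site.verify(c3, createAuthenticator().respond(origin, c3)),
    otherOrigin: site.verify(c4, device.respond('https://shop.example.test', c4)),
  };
}
```

Only `login` comes back `true`: the replayed, stale, wrong-key and wrong-origin responses are all rejected, and the website never handles anything but the public key.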

Outlook

Passkeys represent a significant shift in authentication methods, aiming to reduce password fatigue and enhance security. While adoption is growing, challenges remain regarding interoperability, user education, and widespread implementation. Industry groups such as the FIDO Alliance continue to develop standards to address these issues and encourage broader usage.
