
The future of passwords is finally here

Tech&Stuff May 26, 2023
The future of passwords is looking more promising than ever with the introduction of Passkeys!

The day has finally arrived... Step aside, long alphanumerical password that I'm definitely not using on hundreds of other websites. Behold the future: passkeys.

What are passkeys?

I hear you ask. Well, passkeys are a more secure way of accessing your accounts. Instead of having to use a different password on every single site that you either have to save or memorize (and let's not kid ourselves, unless you use a password manager or something of the sort, you'll use the same one), two things will be created: a public key, which will be stored by the website, and a private one, which will be stored either on your device (Windows Hello, YubiKeys...) or in the cloud! Password managers such as 1Password and Bitwarden are already beginning to save them!

Bitwarden to launch passkey management | Bitwarden Blog
Welcome, passkeys – FIDO credentials stored directly on your phone or computer.
Goodbye, passwords | 1Password
We’re all-in on passkeys, and we’re starting with 1Password.

The private key will then only be accessible through the magic of biometric authentication, leaving those pesky 2FA codes that you always have to be checking out of the picture.

The way it verifies your identity when logging in is pretty much the same as with GPG keys (in fact, they are based on the same principle to verify the identity of the keyholder). They give you something encrypted with your public key, which can only be decrypted by the private key that only you have. Then that is returned, and by the magic of public-key cryptography you're signed in! No need to remember passwords, or anything to be honest, you just need your finger! (Damn! That's a good slogan. "No passwords, just a finger")
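
As an added example (not part of the original post): in WebAuthn, the standard behind passkeys, the proof of identity is a digital signature. The site sends a random challenge, the device signs it with the private key, and the site checks the signature with the stored public key. The sketch below is a simplified model of that exchange using Node.js's built-in crypto module; the function names, the JSON message layout and the `example.test` origins are assumptions made for illustration, not the real WebAuthn wire format.

```javascript
// Simplified model of a passkey login (added example, not the real WebAuthn wire format).
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Registration: the device makes a key pair for this site; the site keeps only the public key.
function register(origin) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { origin, publicKey, pending: new Set() } };
}

// Site: issue a fresh random challenge and remember it until it is used once.
function newChallenge(server) {
  const challenge = randomBytes(32).toString('base64url');
  server.pending.add(challenge);
  return challenge;
}

// Device: sign the challenge together with the origin the browser is actually on.
// On a real device this runs only after the biometric or PIN check unlocks the key.
function deviceSign(device, challenge, seenOrigin) {
  const clientData = JSON.stringify({ challenge, origin: seenOrigin });
  return { clientData, signature: sign('sha256', Buffer.from(clientData), device.privateKey) };
}

// Site: check the signature first, then the origin, then that the challenge is unused.
function verifyLogin(server, { clientData, signature }) {
  if (!verify('sha256', Buffer.from(clientData), server.publicKey, signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(clientData);
  if (origin !== server.origin) return 'wrong-origin';
  if (!server.pending.delete(challenge)) return 'unknown-or-replayed-challenge';
  return 'ok';
}

// Constructed scenario: one genuine login plus three responses the site must reject.
function demo() {
  const site = 'https://example.test';
  const { device, server } = register(site);
  const genuine = deviceSign(device, newChallenge(server), site);
  const lookalike = deviceSign(device, newChallenge(server), 'https://examp1e.test');
  const otherKey = register(site).device; // a key pair the site never registered
  const forged = deviceSign(otherKey, newChallenge(server), site);
  return {
    login: verifyLogin(server, genuine),
    replay: verifyLogin(server, genuine),
    lookalike: verifyLogin(server, lookalike),
    forged: verifyLogin(server, forged),
  };
}

console.log(demo());
```

The private key never leaves the device object, and the site only ever stores a public key, so a leaked site database contains nothing that can be used to sign in.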

The beginning of the end of the password
We’ve begun rolling out support for passkeys across Google Accounts on all major platforms as an additional option that people can use to sign in.

Are there any benefits?

A lot, actually. For example, it cannot be forged because only you hold the private key, and the message that the site sends for verification is encrypted in such a way that it can only be decrypted with your private key. It's awesome!
Another benefit would be eliminating all those "Crap! I forgot my password, now I gotta do this... wait for the email... write a new password and it turns out it was the last one..." moments, because it's saved on your device and you carry all that with you! The magic of standards, am I right?

In conclusion

Yeah, passkeys are neat, and I've been advocating for them since day one! I can't wait for the passwordless future. All of this is mostly thanks to the hard work of the FIDO Alliance, so give them a big round of applause.
Hopefully this way we can ensure a safer internet, and one without SMS 2FA, which is the real nightmare here. (I'm looking at you, Twitter Blue)