Passkeys will replace passwords entirely soon, experts say
“We’ve had discussions about moving to passwordless for years,” Chester Wisniewski, CTO of Applied Research at cybersecurity firm Sophos, tells the publication. “Finally, through more advanced passkey technology, we have an opportunity to move forward.”
Andrew Shikiar, executive director of the FIDO Alliance, echoed Wisniewski’s point, adding that all legacy frameworks based on a human-readable, shared secret are relatively easy to circumvent. Passkeys, conversely, are based on tokens and cryptographic signatures that work without relying on anything the user knows.
“The private key never leaves the device, making phishing or a website data leak a moot point. It almost entirely negates the ability for a credential to be stolen and reused. It also makes it incredibly easy for the typical consumer to adopt and use because it’s incredibly easy to use,” Wisniewski adds.
According to Rik Turner, principal analyst at research firm Omdia, the advantages of passkeys are so clear that they will soon become the standard for both enterprises and consumers.
At the same time, Turner warns that before that happens, a series of technical issues must be resolved, including that passkeys cannot currently be automatically transferred across devices on different platforms. Building on that view, Wisniewski says that, unlike hardware keys, software passkeys still prioritize convenience over airtight identity security.
“A copy exists in the cloud and not on the person,” the Sophos executive says. “The tradeoff is that if your device is lost or stolen, you can still get into accounts.”
Even as these details are being sorted out, passkey adoption is growing rapidly, with several tech companies already allowing customers to use them as an authentication option. Google, Apple, and Microsoft have each adopted passkeys.