Today, Microsoft is rolling out a new update to Windows 11. It adds many new features to the OS. One of them is support for passkeys. These are digital credentials that people can use to authenticate their identity on a website or an app, and they allow people to log into these platforms using biometrics. That means people using Galaxy Books with Windows 11 will now be able to create a passkey and log into a website or an app that supports passkeys with Windows Hello by using a fingerprint scanner or an IR camera on their device.
Typically, when we log into an account on a website or an application, we enter a username and a password to authenticate our identity. However, this password can be stolen from the website’s server through a cyber attack, giving hackers access to your account. If you have used the same password on multiple platforms, hackers will have access to all of those websites or applications as well. You can avoid this issue by using two-factor authentication, but it adds an extra step to the login process.
What are passkeys?
The solution to this problem is passkeys, a password-free sign-in standard from the FIDO Alliance and the World Wide Web Consortium. When you are creating an account on a website or an app that supports passkeys, all you have to do is enter your username. The web browser will show you a pop-up asking you if you want to create a passkey. Use that option, provide your biometrics, and voila, your account will be created without entering a password. Similarly, you can log into the account just by providing your biometrics.
You can also use passkeys with websites and applications on which you have already created an account, provided that they support passkeys. Just log into that account and change the authentication method to passkeys. The website or the app will then no longer ask for a password. You can log into it only by using biometrics. Passkeys remove passwords from the equation, which not only enhances security but also relieves you of remembering complex passwords or using and paying for password managers.
How secure are passkeys?
A passkey has two components: a private key that’s stored on your device, and a public key that’s stored on the server of the website. Authentication takes place only when these two keys match. So, the private key and the public key are useless without each other. That means even if the public key gets stolen from the website’s server, it won’t be of any use.
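The key pair described above at work, as an added Node.js example (not from the original article, Microsoft, or the FIDO Alliance): the site sends a random challenge, the device signs it with the private key, and the site checks the signature against the stored public key. The message format is a simplification of WebAuthn, and the function names and the origin `https://shop.example` are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey-style challenge-response, not the full WebAuthn protocol.
const crypto = require("crypto");

// Registration: the device creates a key pair; only the public key goes to the site.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return {
    device: { privateKey }, // stays on the device
    serverRecord: { publicKey: publicKey.export({ type: "spki", format: "pem" }) },
  };
}

// Server: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Device: once the biometric check unlocks the key, sign the challenge and origin.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: crypto.sign(null, Buffer.from(clientData), privateKey) };
}

// Server: accept only a valid signature over this challenge and this origin.
function verifyAssertion(serverRecord, challenge, origin, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== challenge || data.origin !== origin) return false;
  return crypto.verify(null, Buffer.from(assertion.clientData),
                       serverRecord.publicKey, assertion.signature);
}

function demo() {
  const origin = "https://shop.example"; // constructed sample origin (assumption)
  const { device, serverRecord } = registerPasskey();
  const c1 = newChallenge();
  const good = signAssertion(device.privateKey, c1, origin);
  const legitimate = verifyAssertion(serverRecord, c1, origin, good);

  // A stolen server record holds no private key; a signature from any other key is rejected.
  const otherKey = crypto.generateKeyPairSync("ed25519").privateKey;
  const forged = verifyAssertion(serverRecord, c1, origin, signAssertion(otherKey, c1, origin));

  // A captured assertion does not verify against the next challenge.
  const replayed = verifyAssertion(serverRecord, newChallenge(), origin, good);
  return { legitimate, forged, replayed };
}

console.log(demo());
```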
Can passkeys be synced across devices and platforms?
On Google and Apple devices, passkeys are uploaded to the cloud of the respective platforms, allowing you to access them on all devices running on the same platform. At the moment, there’s not enough information on whether passkeys on Windows 11 are uploaded to the cloud or not. In a blog post, Microsoft says “You can manage passkeys stored on your Windows PC and sign in using passkeys saved on your mobile phone for added convenience”. That being said, we'll get clarity as people start using it.
At this point, you might be wondering what would happen if you ditch a platform or an ecosystem altogether. Say you want to sell all your Apple devices, including your iPhone and Mac, and get an Android smartphone and a Chromebook instead. What would happen to your passkeys then? Can the passkeys be transferred from Apple’s iCloud Keychain to Google Password Manager? Unfortunately, no. At least till FIDO finds a way. Until then, using passkeys means getting locked into an ecosystem.