Passkeys – i.e. authentication for apps or websites using biometrics or a pin code – should not only replace the old system with login name and password, but also make it more secure. Password manager developers will also be affected, and 1Password is now providing a preview of how it will deal with the topic in the future. Starting next year, the software will not only support password keys, but also make it easier to use, regardless of platform.
Apple has integrated the ability to use passkeys with current versions of macOS, iOS, and iPadOS. Instead of using a password, you can use your fingerprint or facial recognition to identify yourself in apps or websites that are compliant with the standard.
By the way, this authentication method is not an Apple development, but a cross-platform standard that was promoted by the FIDO Alliance and is also supported by other well-known companies such as Google and Microsoft, who have yet to deliver their implementations.
Combination of public and private key
A passkey consists of a few keys, part of which remains with the user and part is stored in the app or on the website. This pair of keys is then used to establish a secure and private connection between the user and the app or website. However, a would-be attacker or the operator of Passkey-compatible offerings cannot do any damage with the individual public key, as confirmation via the second key, which resides on the user’s premises, is always required for extended access.
The introduction of passkeys should be seen more as a long-term project, so it is very practical that this form of authentication can be used as an alternative to the classic login with a password. However, if the system catches on, users can look forward to a significant increase in convenience when using apps and websites with personal user accounts. Which brings us back to the password manager developers mentioned at the beginning. They cannot simply ignore the problem, but must optimize their services in relation to the use of the system.
1Password has added the ability to test the system’s planned implementation in an online demo to its take on password keys — which only works on Google Chrome so far.