GB
  
You are currently viewing the United Kingdom version of the site.
Would you like to switch to your local site?
21 MIN READ TIME
stop using passwords

STOP USING PASSWORDS

Passwords are a hassle to remember and enter, and offer only weak protection for your online accounts. Robert Irvine explains why you should now switch to passkeys
© ISTOCK / GETTY IMAGES PLUS

WHETHER YOU store them in your browser, on post-it notes, or in your head, passwords are a necessary evil for protecting your online accounts. The trouble is that they don’t perform that job very well, and can prove to be more frustrating than reassuring.

We’ve all received alarming emails urging us to change our passwords immediately after they’ve been compromised in a data breach, locked out of accounts when we couldn’t remember the password, or had to conjure up convoluted logins containing upper- and lower-case letters, numbers, and special characters.

The introduction of two-factor authentication (2FA) gave our accounts a second layer of security, but because 2FA methods are used in addition to passwords, and usually involve waiting for verification codes to arrive, they make signing into websites even more tiresome.

Thankfully, there is now a reliable solution to the password problem in the form of passkeys. These represent a huge step forward for online security, because they’re safer, faster, and more convenient than passwords, with no need to type or remember anything.

As with any new technology, there’s still a lot of confusion and uncertainty about passkeys, so in this feature we explain how they work, how to use them, and which websites, apps, and services currently support them.

Once you switch to passkeys, you’ll wonder why any of us ever bothered with passwords.

WHY YOU SHOULD DITCH PASSWORDS FOR PASSKEYS

What are passkeys?

Passkey technology is a new means of securing your accounts with websites, apps, and online services without using a password. It shares some similarities with two-factor authentication, which usually requires you to enter a verification code to sign into accounts, but is easier to use, and stops you needing to remember or type any login details.

Instead, passkeys let you log into sites and apps in the same way that you unlock your PC or phone, such as using your fingerprint, face, or a screen-lock PIN. Because this data is stored on your device rather than with the respective service, passkeys are much more secure than passwords, as well as more convenient.

Precisely how are passkeys more secure?

Although traditional passwords are concealed on your screen behind asterisks or bullet points, you still need to type and submit them using plain text. When you create an online account, the website or app encrypts this text and saves the result as a ‘hash’. Every time you sign into the site or app, it compares the stored hash with the password you enter, and only grants you access if the two match.

The danger is that if hashes are compromised in a data breach, hackers will be able to decrypt—or ‘crack’—them and use the extracted passwords to gain access to users’ accounts. Online services should ideally ‘salt’ their hashes, which means adding random data to passwords before they’re encrypted to make them more difficult to crack. But this salting often doesn’t happen, and unsalted password hashes that have been stolen in breaches end up being sold on the dark web.

In contrast, passkeys use a type of end-to-end encryption called public key cryptography. Each passkey consists of a pair of keys—a public key and a private key—that are linked to one another. Your public key is stored by the website or app when you create a new account, while your private key remains on your device and is never shared. To sign in, your device sends a request to the site or app, which then returns a challenge that can only be solved with the corresponding private key.

Because passkeys are bound to specific websites and apps, they safeguard you against phishing scams that trick you into entering your login details on fake sites and apps. Only the public key is stored by the online service, but this is useless to a hacker unless they also have your private key. It may sound complicated, but it all happens automatically—and instantly— when you use your passkey method.

Many big tech companies now support passkeys as part of the FIDO Alliance.
© ALAMY, FIDO ALLIANCE
Passkeys let you use your phone’s fingerprint scanner to unlock your accounts.

What are the main passkey methods?

Unlock this article and much more with
You can enjoy:
Enjoy this edition in full
Instant access to 600+ titles
Thousands of back issues
No contract or commitment
Try for 99p
SUBSCRIBE NOW
30 day trial, then just £9.99 / month. Cancel anytime. New subscribers only.


Learn more
Pocketmags Plus
Pocketmags Plus

This article is from...


View Issues
Maximum PC
January 2024
VIEW IN STORE

Other Articles in this Issue


editorial
TOUCHING GREATNESS
Guy Cocker WHEN IT COMES to building novel
QUICKSTART
AMD’s APUs go Zen4
8000-series good news for budget gaming
WIN12 NEXT YEAR?
THE NEW WINDOWS MIGHT FINALLY HAPPEN
COPILOT GETS GPT4 TURBO
This AI is about to get even more intelligent
Tech Triumphs and Tragedies
A monthly snapshot of what’s good and bad in tech
NVIDIA SWERVES CHINESE SANCTIONS
Regulators not happy about it either
WIN10 USERS TO PAY FOR SUPPORT
Home users need to upgrade or pay
Threadripper hits 6GHz on 96 cores
AMD’S ZEN 4 THREADRIPPER 7000-SERIES launched recently. There
The L2 RAM Disc
Fast storage means getting close to the processor.
AI ain’t Green
We all know that cryptocurrencies chew through a
RTX 4090 Banned in China
TECH TALK
THE LIST
THE BEST GAMING KEYBOARDS
We’re to blame when our AI overlords arrive
TRADE CHAT
DOCTOR
THIS MONTH THE DOCTOR TACKLES...
MAXIMUM PC
How Much Power Do You Need?
Core i9 vs Core i5
WINDOWS 10 STICK, UPGRADE OR SWITCH?
Don’t panic THOSE WERE THE WORDS so famously
Linux Mint
Nik Rawlinson is already a Linux convert. Here, he offers a few good reasons to switch
Tiny11
We asked Nik Rawlinson to move out of his comfort zone and give this strippeddown version of Windows 11 a try
Windows 11 in the cloud
There is a novel, if painfully expensive, option: stream a Windows desktop instead. Jon Honeyball delivers his verdict
Windows 10 end-of-life security reality check
Davey Winder explains how vulnerable you’ll be if you decide to carry on using Windows 10 past its sell-by date
CENTERFOLD
PERFORMANCE GEAR LAID BARE
WELCOME TO STREAMING SCHOOL
How to get started streaming on Twitch and what hardware you need for it
R&D
HOW TO STEP-BY-STEP GUIDES TO IMPROVING YOUR PC
TIP OF THE MONTH © MICROSOFT, PI-HOLE.NET ,
Ban intrusive ads from your network
YOU’LL NEED THIS PI-HOLE ( https://pi-hole.net ), which
Supercharge Chrome (and Edge)
YOU’LL NEED THIS GOOGLE CHROME https://www.google.com/intl/en_us/chrome CHROME
Use package managers to download safely
YOU’LL NEED THIS WINDOWS 10 OR 11 www.microsoft.com/en-us/software-download
Yet another GPU shortage
This time, it’s political
Ducky ProjectD Outlaw65
Construct your own keyboard
IN THE LAB
Asus ROG Maximus Z790 Dark Hero
A dollar too far?
Asus TUF Gaming GeForce RT X 4090 OC
What is going on with RTX 4090 prices?
Lenovo LOQ 15APH8
A rare miss from one of the best laptop brands
Asus ROG Strix Scar 16
If there’s such a thing as a value $2,500 gaming laptop, this is it
Asus ZenScreen GO MB16AWP
A take-anywhere monitor that’s a surprisingly complete package
ASRock Z790 Riptide WiFi
Do you really need to spend more?
Nacon Revolution 5 Pro
Not one for the PS5 owners, that's for sure
Corsair iCUE LINK Ecosystem
Single cable daisy-chaining luxury
Creative Zen Hybrid Pro SXFI
Well-rounded headset offering great value
Avatar: Frontiers of Pandora
A good Far Cry with big problems
Google Chrome vs Firefox
One’s a behemoth, the other an old(er) pretender
LETTERS
LETTERS
WE TACKLE TOUGH READER QUESTIONS ON...
THE BUILDS
THIS MONTH’S STREET PRICES...
Chat
X
Pocketmags Support