The tech world is working towards a passwordless future. WhatsApp and Amazon have now taken a further step towards this. The popular messenger from Meta and the shipping giant will in future rely on an alternative to the traditional password – passkeys. But what are such passkeys and why do users no longer need passwords?
Basically, passkeys make it possible to log in to a website or app without having to use a password. This should not only make the process safer, but also easier and faster. Instead of having to laboriously type in a username and password, users can basically log in in the same way they are used to unlocking their smartphone – using a PIN, scanned fingerprint or facial scan.
As a rule, this is not just fixed. Users no longer have to remember passwords. Users can no longer accidentally use weak passwords for their accounts that other people can easily find out. Criminals do not use phishing methods here because passkeys are tied to devices. For example, third parties would also need access to the user’s cell phone in order to be able to grab the account.
When you register on a website or with an online service, a key pair is generated, so to speak. One of these keys goes to the respective service and is linked to the account, the other remains securely on your own device. When logging in, users confirm with their PIN, fingerprint or face that the key on their smartphone matches the other key. This can ultimately be used to unlock the lock to the website you are visiting.
WhatsApp has initially announced the Passkeys feature for Android devices. It is currently unclear when this might also be available for Messenger on the iPhone. Amazon has also recently officially started using the feature. According to the company, passkeys can currently be used by all customers via browser and gradually via the iOS app. Support for the Android app will follow.
Google and Apple, among others, have been using passkeys for some time. In May, Google announced that it had started rolling out passkeys for accounts. “The beginning of the end of the password,” was the title of a corresponding blog entry.
So far, users cannot completely do without passwords because many sites and services do not yet support the new alternative. “I have set up two-factor authentication (2FA) for all my activities on the Internet and – where possible – I use passkeys,” explained Dr. Jochen Eisinger, Director of Engineering for Chrome Trust
With two-factor authentication, users have to prove that they have authorization for access. The first factor is usually the corresponding password, the second is often a confirmation code that ends up on the smartphone via app or SMS.