Passkeys were first announced by Apple in the summer of 2021, and were described by the company as a, “new way to make the web a safer place,” as weak and recycled passwords are considered one of the most common reasons for data breaches.
Passkeys use “powerful cryptographic techniques and the biometrics built into the device” to keep accounts safe, Adler explained, with users simply needing to use TouchID, or FaceID, to authenticate to a new web app, mobile app, or service in order to create a passkey. Presenting the security key feature to the world at WWDC 2022, Apple’s VP for internet technologies, Darin Adler described Passkeys as a “next-gen credential that’s more secure, easier to use, and aims to replace passwords(opens in new tab) for good”.
Google seems to be on board with this assessment, with its announcement describes it as a “significantly safer replacement for passwords and other perishable authentication factors”. The company says passkeys can’t be reused, don’t leak in server breaches, and protect users from phishing attacks.
They’re built on industry standards, work across different operating systems and browser ecosystems, and can be used for both websites, and apps. Google’s next milestone in this process is an API for native Android apps, coming later this year. Passkeys created through the web API “will work seamlessly” with apps affiliated with the same domain, the company added, suggesting that this move is a part of a larger transition. The native API will give apps a unified way to allow users to choose between a passkey and a saved password.
