Sign in Subscribe
Cybersecurity

Say Goodbye to Passwords!

Giuseppe Toscano

3 min read
Photo by rc.xyz NFT gallery / Unsplash

Hello world, in this article we will talk about Passkeys, the future way to authenticate yourself without using the obsolete password mechanism. 🔐

You already know what is a password, how complex is its management, and all its related security risks. Handling strong passwords is extremely difficult and they are the main target of most common cyber attacks, such as phishing attempts. Even if you try to do your best to protect your passwords, there are a lot of weaknesses which could be exploited by attackers to steal your credentials and access your personal account.

The idea behind Passkeys is to use the public key cryptography to authenticate users in a more secure and user-friendly way. Let's see how it works in practice:

  • Passkey Creation: when you create a passkey, your devices generates a unique pair of keys: a private key and a public key. As their name suggest, the private key is secret and it is securely stored on your device, while the public key is shared with the service provider you are trying to access.
  • Authentication Process: for each login attempt, the service requests proof that you possess the private key corresponding to the public key stored on its server. This is usually done through challenge-responses mechanisms. In brief, the website sends a challenge (usually it is simply a random number) to the user, the device generates a cryptographic signature of the challenge by using the secret private key, and the the service validates the received signature with the shared public key.
Passkey High-Level Scheme

All modern operating systems integrate passkey management directly, allowing passkeys to be stored securely in environments like Apple’s iCloud Keychain, Google’s Android system, or Microsoft’s account ecosystem. This integration also facilitates easy synchronization of passkeys across devices owned by the same user.

There are a lot of big players (e.g., Google, Google, Microsoft) which already support passkeys, you can find a partial list here. I think that in the near future, passwords will be totally replaced by passkeys.

Now that you should be familiar with passkeys, it's time to create your first passkey for your Google account. Let's start! First of all, go here and click on "Get passkeys", then sign in into your Google account, click on "Create a passkey" and confirm the creation of the passkey on your device.

"Get passkeys" button
Google Sign In
"Create a passkey" button
Confirm the Passkey Creation

Good job! You have successfully created your Google passkey. From now on, you can access your Google Account faster and easier, without having to remember those weird password characters. 😄

Google Passkey on iCloud Keychain

Some interesting resources:

Share your thoughts on passkeys! How do you think they’ll change our online security landscape? Please share your opinion below and let’s build a supportive and informative community together! 🤝

Share this article: