Cyber Safety Briefing: Say Goodbye to Passwords, Hello to Passkeys!

Written By Mark Faithfull

What are Passkeys?

Passkeys are a new, safer, and simpler way to log in to your online accounts without using traditional passwords. Instead of remembering and typing complicated passwords, passkeys allow you to securely log in using your device (like your phone or laptop), fingerprint, face recognition, or a secure PIN.

Why are Passkeys Better than Passwords?

  • More Secure: Passkeys protect you from phishing attacks because they can’t be stolen or tricked out of you by a fake website.

  • Easier to Use: No more remembering or resetting forgotten passwords.

  • Faster Login: Use your fingerprint, face, or PIN instead of typing out passwords.

Passkeys and Multi-Factor Authentication (MFA)

Using passkeys automatically counts as Multi-Factor Authentication (MFA), essential for Cyber Essentials compliance. MFA requires at least two forms of proof to access your account:

  1. Something you have (your device)

  2. Something you are (fingerprint, facial recognition) or something you know (a secure PIN)

Passkeys seamlessly meet this MFA requirement because your device and your biometric or PIN provide two separate proofs of identity.

Practical Example: Setting Up a Passkey for Microsoft365

Here’s how you can set up your Microsoft365 account with a passkey:

  1. Go to account.microsoft.com and log in.

  2. Navigate to Security info > Add method.

  3. Select Passkey from the options.

  4. Follow the prompts on your device:

    • On a laptop or desktop, you might use Windows Hello or a similar feature.

    • On a smartphone or tablet, you might use your fingerprint or face recognition.

  5. Complete the setup by verifying your identity with the method your device supports (e.g., fingerprint or facial recognition).

Managing Your Passkeys

You’ll likely have passkeys for multiple accounts. Here’s how you can manage them easily:

  • Built-in Managers: Modern smartphones and browsers (like Chrome, Safari, and Edge) securely store and manage passkeys automatically. Just sign in, and your device does the rest.

  • Synchronise Across Devices: If you use multiple devices, ensure your passkeys sync automatically through secure services like iCloud (Apple), Google Account, or Microsoft Account.

  • Backup Your Devices: Use the built in passkey facility on iOS or Google Authenticator or a password manager so that your passkeys are copied to other devices or backed up to your account. Then, if you lose your device, you can easily recover your passkeys on a new one without hassle.

Expect More Passkeys Soon

You’ll soon see passkeys becoming the default option for most online services, significantly enhancing your online safety and simplifying your digital life.

Stay secure, simplify your login, and #GetCyberSorted!

Mark Faithfull
Previous

Not all ISO 27001 certificates are the same – how to avoid expensive mistakes
Next

The Next Big Shift in Construction Safety: Are You Ready for Cyber Safety?