Are passkeys replacing passwords?
12th June 2025
Through social engineering, phishing, or other malicious methods, passwords can be easily obtained: is there a better way to log in to applications securely?
Passwords are the first line of defence in cyber security. We use them every day to access our personal accounts, be they important ones for financial services or less essential, like logging in to game services or social media apps.
However, passwords are only as secure as people make them. We have previously explained exactly what makes a good password in an earlier article, but ultimately many passwords are repeated across multiple accounts or are too easy to guess (“password” is still one of the most common passwords). So, individual passwords can be secure, but as an overall security system, they have major flaws.
This is why passkeys have recently become more popular as an alternative to passwords. This system uses a pair of cryptographic keys: a public key stored on the website or app you are trying to access, and a private key kept on your personal device, which it never leaves.
When you go to log in, the website sends a challenge, asking you to prove that you have permission to access the account. The private key signs the challenge, authenticating that you do have permission, and the website or app then verifies the sign-in using the public key. You approve this on your device by using biometrics (Face ID or fingerprints), a device PIN or another secure method.
There are a few advantages to this over a password: as a passkey is generated by the system, not the user, it is less likely to be compromised. Additionally, all passkeys are unique to the website or app, so unless the device is stolen and the PIN discovered, chances of a breach are minimal.
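The challenge-and-signature exchange described above can be modelled in a few lines. This is an added example, not code from the original article or from any passkey provider: it is a simplified Node.js model rather than the real WebAuthn message format, and the class names, the `alice` account and the example origins are all made up for illustration. It goes slightly beyond the text by also showing that a used challenge is rejected and that the device has nothing to sign with for a look-alike site.

```javascript
const crypto = require("node:crypto");
// The website: stores only public keys and one outstanding challenge per user.
class Website {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // username -> public key
    this.pending = new Map();    // username -> one-time challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  issueChallenge(user) {
    const challenge = crypto.randomBytes(32).toString("base64url");
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is valid for one attempt only
    const key = this.publicKeys.get(user);
    if (!expected || !key) return false;
    const { challenge, origin } = JSON.parse(clientData);
    if (challenge !== expected || origin !== this.origin) return false;
    return crypto.verify("sha256", Buffer.from(clientData), key, signature);
  }
}

// The user's device: one key pair per site, and the private key stays here.
class Device {
  constructor() { this.keys = new Map(); } // origin -> private key
  createPasskey(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half is sent to the site
  }
  sign(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null; // no passkey for this origin, nothing to sign with
    const clientData = JSON.stringify({ challenge, origin });
    return { clientData, signature: crypto.sign("sha256", Buffer.from(clientData), privateKey) };
  }
}

function demo() {
  const site = new Website("https://shop.example"), device = new Device();
  site.register("alice", device.createPasskey(site.origin));
  const response = device.sign(site.origin, site.issueChallenge("alice"));
  const firstLogin = site.verifyLogin("alice", response);
  const replayed = site.verifyLogin("alice", response); // same response, challenge already used
  const lookalike = device.sign("https://shop-example.test", site.issueChallenge("alice"));
  return { firstLogin, replayed, lookalike };
}
```

Calling `demo()` returns the outcome of the genuine login, the replayed response and the look-alike origin, so the three cases can be compared side by side.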
Also, there is less to remember: putting in a PIN or using biometrics means that you are less likely to need to change your passwords, which is good, as people often get lazy and repeat them, or create variations that are close to the original, which are easy for hackers to guess. Furthermore, these settings can be synced across multiple devices, so you can seamlessly sign in from your phone or laptop.
So far, major companies including Apple, Google, Microsoft, GitHub, PayPal and eBay all have passkey support: the day of the password may soon be coming to an end.
If you’d like to learn more about passkeys, please contact Interfuture Security.