Will Passkeys Replace Passwords?

Posted on Nov 30, 2022 by Devaang Jain

According to the Verizon Data Breach Investigations Report (DBIR), weak and stolen passwords are behind over 80% of all hacking-driven data breaches. 

That’s hardly surprising as most of us struggle to invent and remember strong, unique passwords for all our online accounts and services. 

The good news is Apple, Microsoft, and Google want to do away with them for good. 
Enter passkeys – the convenient, secure alternative to passwords.

Passwords: Protecting Secrets Since Ancient Times

Humans have relied on passwords to keep their secrets for as long as we can remember, and they make regular appearances in legends and folklore. 

Think “Open Sesame” from the Arabian Nights, which opens the mouth of a cave in which Ali Baba and his forty thieves hid their treasure. Roman legionnaires also used ‘watchwords’ to tell friends from foes. 

Cut to the modern era and cryptographic ciphers are the name of the game. A cipher is an algorithm, a way of encrypting and then decrypting information. 

A password is secret knowledge used as an identity proof. The key to the password’s power is its secrecy. When a password is leaked it becomes a threat.

Despite the need for strong passwords, our persistent slackness is no secret. “123456” still tops the charts in 2022 as the most common password people use around the planet, alongside the word “password” itself. The basic rule remains to pick a password hackers are unlikely to ever guess.

But what if you never need to come up with another password again? If passkeys do replace passwords entirely, it could give us all a reason to breathe a sigh of relief. In the meantime…

Protect your passwords, even on unsecured public Wi-Fi hotspots, with Private Internet Access. Use PIA VPN to secure your account logins anytime you’re performing sensitive transactions like banking, accessing digital wallets, or trading cryptocurrencies.

What Are Passkeys?

Passkeys are emerging as the preferred access authentication technology. They let you sign in to an online account without having to type anything at all. Simply scan your face or thumbprint and you’re in.

That’s because passkeys authenticate access with a ‘biometric unlock’ in much the same way as Face ID or Touch ID on your iPhone. You’re not required to remember or store your passkeys as they’re “on you” all the time.

How do I use a Passkey?

Passkeys change how sign-in pages appear and function. Instead of the usual username and password fields, you’ll just see a username field along with the passkey authentication button. 

You’ll need to enter your username and tap on the passkey option to log in. The system will then prompt you to scan your fingerprint or initiate face recognition. If it’s a successful match, you’ll have access to your account. 

A passkey links to a trusted device. When you have a passkey on your smartphone, you can use it to sign in to any passkey-compatible website or app on any other device. This importantly also allows you to sign into your accounts on shared devices at work or school.

Use Apple Passkeys to sign in on websites with your Face ID or Touch ID

How do Apple Passkeys Work? 

Passkeys use public key cryptography for secure authentication. Each online account on a website or app has a key pair: a public key known to the website, and a private key that is stored only on your device and that the website cannot access.

Basically, a private relationship exists between the website and the user’s device with no scope for a security compromise, as the remote web server doesn’t know your private key.

Apple built its passkeys implementation on the open industry association FIDO Alliance’s WebAuthn standards. In addition to Apple, FIDO Alliance members include Google and Microsoft, among others, and they’re all working on embedding passkey technology in their devices.

The FIDO Alliance has pioneered passkeys and created industry standards

Will Apple Passkeys Replace Apple Passwords?

Apple has clearly indicated a strong inclination towards a passwordless future. 

Apple Passkeys are slightly different to the existing Apple sign-in passwords used when you sign in to a website or app with your Apple ID. Passkeys require no passwords at all when accessing an online account.

Apple stores all your passkeys on the iCloud Keychain, making them available to all your devices through your Apple ID. 

The system encrypts your Apple Passkeys end-to-end in iCloud Keychain so it’s undecipherable even for Apple itself. When you use Apple Passkeys, you no longer need Apple passwords — just access to an iCloud-connected device with Touch ID or Face ID support will do. 

The simplicity and inherent security of Passkeys do suggest they will replace Apple Passwords sooner rather than later.

On top of taking the pressure off your memory, passkeys:

  • Eliminate brute-force hacking: Passkeys remove all odds of hackers ever guessing your password or arriving at it through a brute-force attack. That’s because the private key is stored locally on your device. 
  • Deliver faster logins: Since you’re no longer required to type in long, complex passwords, or rely on a password manager to enter a password, passkeys make logins much faster. When the media company Yahoo! JAPAN, with 50 million monthly user logins, switched to passwordless sign in, users saw a 2.6x speed boost in the login process.
  • Remove phishing for good: Phishing or malware attacks typically send users to a malicious URL imitating the real website, where they end up revealing sensitive information like account logins. Passkeys make this impossible as they’re inextricably linked to the official website you’re signing in to. On a different, malicious URL, the cryptographic key pair will never work. 
  • Give your overworked brain a rest: You don’t need to remember your passkey as you would a password. You also needn’t worry about creating a ‘strong’ passkey which is difficult for a hacker to guess. Your device automatically creates and stores a unique passkey for every account.
  • Work across devices and platforms: Apple Passkeys use FIDO Alliance’s standards. All FIDO Alliance members, including Google and Microsoft, will follow these same standards to maintain cross-platform compatibility. You’ll be able to sign in on your Microsoft Edge or Chrome browser from a passkey stored on your Apple device, for example.
  • Secure your data from data breaches: When you use Apple Passkeys, the public key remains with the website. Even if the site experiences a data breach, this compromises only the public key. Even if Apple’s own servers experience an attack or a hacker compromises your Apple password, your passkeys will be unaffected.
  • Can be shared securely: You can easily share your Apple Passkeys with a friend using a secure AirDrop transfer. While it’s possible to share a password securely using a password manager, you must be able to trust the service with your sensitive information. Passkeys eliminate the need for trust, as the entire system is end-to-end encrypted. No one gets the slightest glimpse. 
  • Make your sensitive data theft-resilient: Even if you lose your device with a passkey, no one with access to your device will be able to sign in to your accounts as passkeys require biometric authentication to work.

Apple Passkeys are based on FIDO Alliance’s WebAuthn standards
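
The key-pair sign-in described under “How do Apple Passkeys Work?” and the phishing point in the list above, shown as an added example (not from the original post, and not Apple's or the FIDO Alliance's code): a simplified Node.js model of the checks a website runs on a passkey sign-in. The function names, the `example.com` and `examp1e.com` origins and the result strings are assumptions for illustration; a production site would use a WebAuthn library and CBOR-encoded keys.

```javascript
// Added example: simplified model of a WebAuthn (passkey) sign-in check.
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require("node:crypto");
const sha256 = (data) => createHash("sha256").update(data).digest();

// Registration: the device creates a key pair for one site; only the public key leaves it.
function createPasskey(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { rpId, publicKey, privateKey };
}

// Device side: the browser records the origin it is really on, then the
// authenticator signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(passkey, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: browserOrigin,
  }));
  // rpIdHash (32 bytes) || flags (0x05 = user present + verified) || signCount (4 bytes)
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign("sha256", toSign, passkey.privateKey) };
}

// Website side: it holds only the public key, the challenge it issued and its own origin.
function verifyAssertion(assertion, storedPublicKey, expected) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "wrong-type";
  if (clientData.challenge !== expected.challenge.toString("base64url")) return "stale-challenge";
  if (clientData.origin !== expected.origin) return "wrong-origin";
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "wrong-rp";
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return verify("sha256", signed, storedPublicKey, assertion.signature) ? "ok" : "bad-signature";
}

// Constructed demo: example.com is the real site, examp1e.com a look-alike page.
function demo() {
  const passkey = createPasskey("example.com");
  const expected = { rpId: "example.com", origin: "https://example.com", challenge: randomBytes(32) };
  const genuine = signAssertion(passkey, expected.challenge, "https://example.com");
  const relayed = signAssertion(passkey, expected.challenge, "https://examp1e.com");
  return {
    genuine: verifyAssertion(genuine, passkey.publicKey, expected),
    relayed: verifyAssertion(relayed, passkey.publicKey, expected),
    replayed: verifyAssertion(genuine, passkey.publicKey, { ...expected, challenge: randomBytes(32) }),
    wrongKey: verifyAssertion(genuine, createPasskey("example.com").publicKey, expected),
  };
}
console.log(demo());
```

The website never sees a secret it could leak: a sign-in recorded on a look-alike origin, an old response replayed against a new challenge, and a signature from any other key are all rejected using only the stored public key.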

Will Passkeys Replace Passwords?

Passkeys usher in a new era where internet users can access their accounts with a truly secure, trustless, and convenient authentication system. 

Tech giants have expressed deep interest in the technology, with Apple, Google, and Microsoft all talking about phasing out passwords.

This doesn’t mean passwords will suddenly vanish. Legacy systems will continue to work for some time until most websites and apps transition to a passkeys-based system. 

Kayak, the well-known travel app, is among the first to embrace passkeys. The global e-commerce marketplace eBay has also committed to a passwordless future. Microsoft, Nvidia, and PayPal have all also begun experimenting with passkey-based logins on their websites.

It may take some time but the shift to passkeys is a certainty — the genie is out of the bottle.

Do You Still Need a VPN if You Use Passkeys?

Passkeys are a great way to secure your online accounts, but they can’t protect you from internet surveillance and censorship. Snoopers, cybercriminals, and even your ISP can still see what websites you visit, and how you use them, even when you authenticate your accounts with a passkey. 

The passkey itself may be safe and secure, but your internet data is exposed for all to see. This is where a VPN like PIA can help.

PIA VPN encrypts your internet traffic end-to-end with military-grade 256-bit AES VPN encryption. This is the same standard governments use to secure classified information across the world. 

PIA also masks your IP address so the remote web server you connect to can’t trace your geolocation from your IP.

Welcome to a More Secure Digital Future

Passkeys use biometric authentication to create a secure and seamless login experience across the websites and apps you love. What makes passkeys so special is the intrinsically secure design which protects against fraud, malware, and phishing attacks.

Passkeys simplify account management — you just need to keep your phone or computer handy to sign in to your accounts, without having to remember complex passwords or trusting password managers with the keys to your deepest digital secrets.

Thanks to passkeys, a more secure digital future is dawning. Are you ready to forget your passwords for good? 

FAQ

What are passkeys?

Passkeys are password replacements consisting of 2 parts: a public key and a private key. The system stores the public key on its remote web server and the private key is saved securely on your device. You don’t need to type anything to sign in to your account. Instead you authenticate yourself biometrically.

Passkeys are a great step forward, but they are only one weapon in your security arsenal. Add an additional security shield using PIA VPN. We’ll encrypt all the data leaving your device, including any sensitive data like passwords.

Try PIA risk-free with our money-back guarantee and get a full refund within 30 days if you don’t instantly start enjoying the security and privacy benefits of our VPN toolkit. 

What are Apple Passkeys?

Apple introduced Apple Passkeys in iOS 16, iPadOS 16, macOS Ventura, and tvOS 16. Apple Passkeys let you log in on supported apps and websites with your iPhone. You don’t need to remember any passwords. Your Face ID or Touch ID will do.

Apple Passkeys are kept safe in your iCloud Keychain, encrypted end-to-end, so no one, not even Apple, can access them.

Want to use public WiFi without worries? Download the PIA app on your iOS and macOS devices to secure them, even when you access the internet on an unsecured network. PIA also helps you bolster your anonymity online when you browse the web.

Are passkeys going to replace passwords?

Probably. Passkeys are highly secure, convenient, and impervious to hacking and phishing. They’ll definitely reduce the reliance on passwords but we still have a long way to go as websites and apps gradually embrace the new technology.

Whether you use passkeys or passwords, PIA VPN adds another layer of security to your browsing sessions. If someone tries to intercept your traffic, all they’ll see is encrypted packets. PIA is super easy to set up and offers 10 simultaneous connections with just one subscription. 

For great tips to get the most out of PIA VPN, contact our 24/7 Customer Support team. We’re always happy to help, and can be reached via email or live chat. 

Are passkeys available only on Apple?

Apple is one of the first companies to launch passkeys across its latest product range. Other FIDO Alliance members, Microsoft and Google, have also been working on their own passkey technologies.

Microsoft supports passwordless logins via their Authenticator app. However, Apple has integrated passkey technology at the OS level itself, without the user having to use any additional apps for biometric authentication.

Even with passkeys, you should leave your VPN running. We have easy-to-use apps for all your devices. Download the PIA VPN apps to protect sensitive data from network snoopers and unblock websites on restrictive networks at work or school.