Passkeys are getting ready to take over - but how locked in will you be?

The new passwordless technology is taking hold, but passkeys aren’t without their drawbacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Passkeys have been a common presence in the news recently, as an ever-increasing amount of services are suppoting their use. They are thought to be both safer and more convenient than passwords, which are routinely stolen and used by threat actors to wreak havoc to many businesses.

Applewas one of the first big names to adopt them, followed by the other tech giants, such asGoogleandMicrosoft. All are board-level members of the FIDO Alliance, which sets the technological standards for their use.

And herein lies one of the passkeys' central problems: since the private portion of the cryptographic key is stored on device, big tech seems to have seized the opportunity to keep their users locked into their respective ecosystems, not making it possible to use them cross-platform. However, the situation does appear to opening up somewhat, but there are still concerns about their entrenchment, as well as some possible safety concerns too.

New adopters

For a while, BestBuy, eBay and PayPal were the only prominent consumer services, barring the tech giants, that let users login with passkeys. But recently, others have joined the party, with the likes ofX (formerly Twitter),WhatsApp, andGitHubtaking them onboard.

Microsoft has also recently announcedexpanded support for passkeys in Windows 11, and with Apple now allowing passkeys to be managed by third-parties on its new iOS 17 platform, popular password managers1PasswordandNordPasshave done too.

These last two are perhaps the most important adopters, since one of the big selling points of third-party password managers is cross-platform compatibility. By storing a passkey with a password manager, rather than directly with Apple, Google, or Microsoft, users can deploy their passkeys on any system or device supported by the manager.

The big tech companies have made concessions among themselves in this regard, in fairness. For instance, Apple’s proprietaryiCloud Keychain is now available in Chrome 118, so passkeys created on an iOS device can be used on Google’s market-leading browser - only on Macs, however.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It would be wise for big tech to continue this trend of untethering users, since nobody likes to be beholden to a single company so completely, with no easy way to cut loose. This is especially true for businesses, who may want to switch their software and environments on a dime, and want the least amount of friction when doing so.

Other concerns

One of the much-touted USPs of passkeys is their resistance to phishing. Since there are no credentials that anyone knows, they’re isn’t a way for scammers and fraudsters to extract the key out of you.

The only problem is, biometric data can be stolen, such as you fingerprints, which is often used to authenticate the use of your passkeys.

In a recentreportfrom NordVPN, it discovered 81,000 fingerprint records on sale all over the dark web. It is not yet clear how this biometric data could be used by bad actors, but it’s never wise to underestimate the tenacity and ingenuity of cybercriminals, especially when there are serious rewards at stake.

If they can gain remote access to your device, and find a way to make use of your stolen biometric data, perhaps they could use your passkeys themselves. And, as NordVPN pointed out in its report, unlike a password, your fingerprint can’t be changed in the event of compromise.

Passkeys are also new, so teething problems are to be expected. As GitHub explained in theirannouncement, Linux systems and the Firefox browser both didn’t appear to play too nicely with passkeys, so a workaround was needed. So if passkeys were to remain closed to specific systems, problems such as these would hamper their progress and prove a real inconvenience to users.

But despite these negatives, passkeys are almost certainly a better choice than passwords, given the fact that most people, unfortunately, still maintain the worst practices possible when using them, opening themselves up to a world of trouble. And at some point in future, you probably won’t have a choice. That isn’t necessarily  a bad thing - as long as they are kept as open and cross-platform compatible as possible.

MORE FROM TECHRADAR PRO

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

Black Friday is here: Sony XM5 over-ears drop to their lowest-seen price – act fast!