Microsoft not only advises using passkeys to increase security and convenience when logging in, but also offers the option of not using passwords at all.
Foundry
There are many reasons for this, some of which are due to the carelessness of some users. After all, not everyone wants to assign a unique and secure password to all of their 100 or so accounts — despite all the well-intentioned advice. The consequences are well known.
However, the situation is not as hopeless as it seemed for a long time. You can log in to more and more internet services, from Amazon to WhatsApp, using the new “passkeys.” Not only are they easier and more convenient to manage, they are also much more secure.
You no longer have to remember anything, so you can’t forget anything, and you don’t even need new equipment. You can get started straight away with your PC or smartphone.
PC and smartphone are all you need to log in securely
We focus on the practical use of passkeys and only explain the technology behind them to the extent that it helps you understand them and have the necessary trust. Passkeys are a further development of the established FIDO2 security standard, which is based on asymmetric cryptography.
When you set up a passkey to log in to an online service, your PC or mobile phone generates a key pair. The public key is sent to the website and stored there; the private key is secret and remains in the crypto chip of your device, i.e. in the Trusted Platform Module (TPM) on a computer.
If you use a smartphone, the private key is also securely synchronized in the cloud of the operating system, i.e. Apple or Google. This is one of several advantages of the smartphone, which we will come back to in a moment.
Once a passkey has been set up, the next time you visit the website (or app), you simply tell it that you want to log in. The online service then sends your device a so-called challenge: a task that can only be solved with the help of your private key stored in your device and which you authorize using your fingerprint, face scan, or PIN.
Only the digitally signed solution to the challenge is sent back, not the private key itself.
As this process also takes the original domain into account, it provides reliable protection against phishing. Even if a website is a deceptively genuine imitation, the passkey refuses the log-in.
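The challenge, the signed answer and the domain check described above can be followed in a short Node.js model. This is an added example, not code from the original article or from any passkey provider; the domains shop.example and shop-example.test, the function names, and the rule that the site identifier (rpId) equals the hostname are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Device side: private keys stay in this map, one per website identifier (rpId).
const deviceKeys = new Map();
function register(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  deviceKeys.set(rpId, privateKey);
  return publicKey; // only the public key is sent to the website
}

// Device side: the browser, not the page, supplies the origin it is really on.
function signChallenge(challenge, origin) {
  const rpId = new URL(origin).hostname; // assumption: rpId equals the hostname
  const privateKey = deviceKeys.get(rpId);
  if (!privateKey) return null; // no passkey for this domain, so nothing is signed
  const clientData = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 0])]); // hash, flags, counter
  const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), privateKey);
  return { clientData, authData, signature };
}

// Website side: check everything the signature covers before trusting it.
function verifyLogin(resp, expected) {
  if (!resp) return 'no assertion';
  const cd = JSON.parse(resp.clientData.toString());
  if (cd.type !== 'webauthn.get') return 'wrong type';
  if (cd.challenge !== expected.challenge.toString('base64url')) return 'stale challenge';
  if (cd.origin !== expected.origin) return 'wrong origin';
  if (!resp.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'wrong rpId';
  if ((resp.authData[32] & 0x05) !== 0x05) return 'user not verified';
  const signed = Buffer.concat([resp.authData, sha256(resp.clientData)]);
  return crypto.verify('sha256', signed, expected.publicKey, resp.signature) ? 'ok' : 'bad signature';
}

// Constructed scenario: one genuine login and three that must fail.
function demo() {
  const expected = { origin: 'https://shop.example', rpId: 'shop.example',
    publicKey: register('shop.example'), challenge: crypto.randomBytes(32) };
  const genuine = signChallenge(expected.challenge, expected.origin);
  const altered = { ...genuine, authData: Buffer.from(genuine.authData) };
  altered.authData[36] ^= 1; // counter byte changed after signing
  return {
    genuine: verifyLogin(genuine, expected),
    lookalike: verifyLogin(signChallenge(expected.challenge, 'https://shop-example.test'), expected),
    replayed: verifyLogin(genuine, { ...expected, challenge: crypto.randomBytes(32) }),
    altered: verifyLogin(altered, expected),
  };
}
console.log(demo());
```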
Services with passkey support
There is no official directory of all providers with passwordless login. Lists are provided by Passkeys.io, Passkeys Directory, and Keeper, among others. New providers with passkey support may not be included at first. Important services are listed below.
1Password
Adobe
Amazon
Apple
Bitwarden (passwords)
Dashlane (passwords)
eBay
GitHub (software)
Google
Kayak (travelling)
KeePassXC (passwords)
Keeper (passwords)
LinkedIn
Microsoft
Mozilla (Firefox)
Nintendo
Nvidia
PayPal
Shopify (e-commerce)
Sony PlayStation
Synology
TikTok
Uber (e.g. taxi)
WhatsApp
X (Twitter)
Yahoo
Zoho (e.g. Office)
Here we go: Try out Passkeys
A Hello-enabled camera or a fingerprint sensor on the laptop or PC makes logging in via passkeys particularly convenient.
If you only want to use passkeys on your PC at home, you can store your private keys exclusively on your computer. The requirements are straightforward: a compatible browser such as Chrome, Edge, or, more recently, Firefox (from version 122) is all you need.
First create a login PIN for Windows Hello in the Windows settings under Accounts > Login options. This is hardware-bound, so unlike a password, it’s only valid for this one computer. If available, you can also set up fingerprint or face recognition for greater convenience.
For our passkey-in-a-minute promise, open the test page https://webauthn.io in your browser. In the “example_username” field, enter a name of your choice, click on “Register,” and authenticate yourself via Windows Hello in the next step.
You may need to confirm the “This device” option, followed by the messages “Master key saved” and “Success! Now try to authenticate …” — all in less than 60 seconds.
Please take this request literally and log in without a password using the passkey you have just created. To do this, click on the “Authenticate” button and authenticate yourself again: “You’re logged in”!
As your Webauthn test account is automatically deleted after one day, you do not need to do anything else.
Log in to your PC with a smartphone
Smartphones are more practical than PCs for passwordless logins for several reasons:
Firstly, a smartphone stores the passkeys in the mobile operating system’s password manager just as securely.
Secondly, as we will show in a moment, it also enables the new login procedure on the PC.
Thirdly, you almost always have it with you.
Fourthly, the Android (from version 9) and iOS (from version 16) operating systems synchronize the passkeys automatically and in encrypted form in the cloud.
If the mobile device breaks or is lost, you have a backup right away. Synchronization is not yet available for Windows. You can read more about the backup strategy for passkeys in the box at the bottom of this page.
This is how it works: To create a passkey via your smartphone, open the test page https://webauthn.io on your PC again, assign a user name, click on “Register” and then on the option “iPhone, iPad or Android device.”
Confirm with “Next” and hold the phone camera on the QR code shown on the PC monitor. Now confirm the passkey option shown on the smartphone and follow the next steps.
Android and iOS differ only slightly here. Depending on the device configuration, you may still need to enter the unlock PIN before authenticating with a fingerprint or face scan. You already know the rest.