Google announced its rollout of passkeys in May of 2023 and since then, many of us have likely become more familiar with them. We’re increasingly used to using facial recognition to log into apps or our fingerprint to access our computers. But that same announcement by Google referred to a ‘passwordless future’. And we certainly aren’t there yet. But, given that major players in the tech sphere seem to be gravitating towards passkeys, we wanted to share some pros and cons of passkeys with you.
What Are Passkeys?
Passkeys are basically credentials that are stored physically on your device and used to unlock your accounts. They are considered more secure than passwords because they’re less vulnerable to certain cyber attacks, like phishing.
As Google explains, “It works using public key cryptography and proof that you own the credential is only shown to your online account when you unlock your phone.”
They aren’t just designed to replace passwords, however. The tech giants, including Google, Microsoft and Apple, intend to use passkeys to replace multi-factor authentication, authentication apps, and SMS verification.
It’s more secure because it’s based on complex zero-trust code, but the interface itself is extremely simple for users. On the tech side of things, account logins will only be successful if two things are true: 1) you have your internet-connected phone or device with you; and 2) you can input your biometric information.
This means that there is a significantly reduced risk of someone gaining access to your accounts in the event that you lose a device. It almost eliminates the risk of someone accessing your account using stolen credentials.
What Businesses Should Know About Passkeys
Whether or not businesses are ready, tech companies are looking to push forward with passkeys. So, now is the time to get informed and prepared.
Benefits of Passkeys
Passkeys offer an improved user experience since users no longer need to remember complex passwords. They can also offer reduced costs and complexity across your tech stack and can reduce your breach risk, since you will no longer be storing user passwords and user biometric data never leaves the user’s device.
The challenges of passkey implementation center around legacy systems and human resources, specifically training and uptake.
Action Items for Businesses
Step 1: Assess Passkey Readiness.
Evaluate your current authentication infrastructure and determine when it will be depreciated or obsolete.
Step 2: Develop Your Roadmap for Integrating Passkeys.
With the above dates in mind, you’ll be better able to determine the appropriate timing for passkey integration across your tech stack.
Step 3: Prepare Your Team.
We suggest starting with your IT department and/or security consultants and collaborating with internal team leads. From there, you’ll need to educate users and provide support to improve understanding and adoption of passkeys.
If you need assistance with your company’s privacy program, reach out. Our experienced attorneys would love to help you.
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.