|10 Common Passkey Questions and Their Answers, Straight from Dashlane’s Chief Product Officer|
Donald HassonJune 22, 2023
Passwords come with a host of problems: Without a password manager, they’re often weak and prone to being phished, and the average person must create and memorize dozens or hundreds of them. Passkeys are a newer, better way to sign in that could eventually replace passwords forever. They’re based on the WebAuthn standard created by the FIDO Alliance, which includes board members Microsoft, Apple, Google, and Dashlane.
Passkeys represent an incredible advancement in the identity space. However, they’re still so new that there are many questions. We’ve created this post as a resource for all questions related to passkeys and passwordless authentication, and we’ll be updating it regularly.
What does “passwordless” mean?
Passwordless refers to securely authenticating into a digital service without a password. Today, instead of typing a password, users can authenticate with their device's biometrics (like a fingerprint), SSO, or hardware keys to securely access a website or app.
What are passkeys?
Passkeys are a phishing-resistant replacement for passwords that provide faster and more secure sign-ins to websites and apps across a user’s devices.
How do passkeys work?
Passkeys simplify the login experience. In contrast to a password that needs to be remembered or typed, once a passkey is created, the device saves the passkey and completes the login with your biometric features or device PIN. Unlike passwords, passkeys are based on public key cryptography, which guarantees that they are always strong and unique.
How will passkeys make it easier for me to access accounts online?
Passkeys don't require tracking, changing, or resetting. When you use passkeys, there is nothing you have to think about or remember to access your accounts.
Your device, or a password manager, automatically stores all your passkeys and knows exactly which passkey to use for each site and device you're on. After your device or password manager suggests the correct passkey, you can use your device PIN, face scan, or fingerprint to complete the login quickly.
How will passkeys ensure the security of my online accounts?
Passkeys are designed to be unique to each website and encrypted on your device to protect against cyber threats. Unlike passwords, passkeys are resistant to threats and designed to keep your account secure and free from risks such as phishing, hacking, and reuse. They’re also not vulnerable to being stolen in a data breach because any information about passkeys stored on a server somewhere in the cloud is of no value to an attacker.
You can use Dashlane to save and sign in to websites and apps with passkeys on devices running Android 14 beta, and soon, on iOS 17.
I use biometrics for Dashlane today. Am I already using passkeys?
You can login to Dashlane using biometric features on your device. However, this doesn’t mean you’re using passkeys to log into Dashlane. This is simply a way to securely remember your Dashlane account credentials on your device.
Why would I need a password manager to store passkeys?
The primary reason you would benefit from using a password manager for passkeys is that it will seamlessly work across platforms.
Passkeys stored in a platform ecosystem work well within that ecosystem. For example, you can create passkeys on an iPhone, where they get synced with iCloud Keychain, and then use them on your Mac laptop.
However, if you try to use passkeys across platforms, then the login experience is not as smooth. For example, passkeys created on an iPhone will work on a Microsoft laptop, but this relies on specific device ownership and a clunky QR code process.
If you use a third party like Dashlane, it will be easier to use passkeys across platforms, liberating you from any ecosystem constraints of clunky UX.
Can I use one passkey on multiple sites and apps?
The short answer is no. Passkeys are designed to be unique for every website. This 1:1 relationship between the passkey and the website minimizes the risk of login attempts on phishing websites: For instance, mail.google.com versus mail.gooogle.com.
What happens if I lose the device that has the passkey to a site?
Losing a device doesn’t automatically mean you’ve lost your passkeys. If you lose your device, you’ll use the same methods you use to recover your account based on the guidelines provided by the service or device provider. For example, if you lose your Apple device, you simply log into a new iPhone with your iCloud account and recover your account.
How long before passkeys replace passwords?
Currently, the adoption of passkeys is in its early stages. Some companies are beginning to offer passkeys alongside traditional passwords, allowing users to select the added convenience of using them alternatively as a primary or secondary login method. However, passkeys are expected to eventually become the primary authentication method, and a passwordless model will be the standard choice for secure authentication.
Passkeys are easy to use, and the security behind them is robust—and even better than passwords. Whether you’re an early adopter or you’re waiting for passkeys to be a bit more mainstream, Dashlane is here to help you understand the tech and log in with ease.