SEATTLE'S MORNING NEWS

Why you should care about the difference between a password and a passkey

Oct 26, 2024, 6:00 AM

Passwords vs. passkeys...

The difference between passwords and passkeys is important to understand. (Getty Images)

(Getty Images)

The best passwords, even “long and strong” ones, can’t always keep out international criminal gangs. So as the bad guys get smarter, you have to stay one step ahead.

Passwords are easily stolen from users in phishing attacks or data breaches and then sold on the dark web.

Checkbook.org spoke with Chester Wisniewski, director and global field chief technology officer at Sophos, a British cybersecurity company.

“A password is just a secret between me and my computer that I have to share to prove my identity,” Wisniewski said. “And we know humans are pretty terrible at keeping secrets. We’re also terrible at keeping passwords.”

Microsoft, which believes “no password is a good password,” currently detects more than 4,000 password attacks every second.

Identity theft: Can you really protect yourself?

Herb Weisbaum, contributing editor for Checkbook.org, told KIRO Newsradio’s “Seattle’s Morning News” on Thursday it’s time to upgrade to passkeys.

“You can think of it as a password, except for you don’t have to remember a password,” Weisbaum said. “You don’t have to generate one. You don’t have to store it. You don’t have to worry about somebody stealing it. Nobody can trick you into giving it away.”

According to Search Labs, a password is a user-created string of characters that you type to log into an account, while a passkey is a cryptographic key generated by your device that allows you to sign in without needing to remember or type a password making it significantly more secure. A cryptographic key is defined by Hashedout as a string of characters (often random or mathematically generated) that’s paired with an algorithm to secure data.

Whew! While that’s a lot to comprehend. Think of it as using your thumbprint to unlock a door. That thumbprint is unique to you. The door authenticates you. Passkeys are even more complicated because they have the added element of an algorithm.

“The biometric data stays in your device. It doesn’t go anywhere, the same as when you unlock it with a fingerprint or a thumbprint,” Weisbaum explained. “The only thing that would go up in the cloud is if you use a password manager, which everybody’s suggesting, to save these things so you can use it between devices that the key goes up on the cloud encrypted, just like when you use a password manager today, that stuff goes up on the cloud encrypted, but your biometric data never leaves your device.”

Avoid the ‘Doom Loop:’ New rule makes it easier to cancel subscriptions

When you sign up to log in with a passkey, a unique encrypted digital key (private key) is created on your device that’s associated with a public key that identifies the app or website where the registration is taking place.

The passkey on your device is bound to that site, meaning it can’t log into a fake Chase Bank or T-Mobile website or app. The company’s servers never get the private key, so a criminal can’t intercept it.

Weisbaum said that moving to passkeys will be a little difficult to begin with. Different platforms may not even call them passkeys. He explained that the second best way to secure your data is through adding multi-factor authentication to your password.

Weisbaum added that nothing is foolproof when it comes to cybersecurity, but this is progress.

You can test drive the technology by creating a demo account at passkeys.io.

Bill Kaczaraba is a content editor at MyNorthwest. You can read his stories here. Follow Bill on X, formerly known as Twitter, here and email him here

Seattle's Morning News

...

MyNorthwest Video

Video: The Best Food to Eat During the Big Game

The best part of the Big Game is often the food. Charlier Harger and Gee Scott talk about everything they plan on eating. What’s your go-to food when watching the game? Listen to Seattle’s Morning News w/ Charlie Harger every weekday at 5am on KIRO Newsradio 97.3 FM or go to MyNorthwest.com to learn more!

2 days ago

...

MyNorthwest Video

Video: Getting Ready for the Big Game w/ SMN’s Charlie Harger

Are you ready for the big game on Sunday? Do you know what you are going to eat? Well, we have got you covered. Tiffany Sanders of QFC and Fred Meyer stopped by the studio to talk with Charlie Harger, host of Seattle’s Morning News, about all the things we could eat and drink on […]

3 days ago

Photo: Gee Scott roasted Velveeta cheese ahead of Super Bowl Sunday....

Frank Lenzi

‘Your food is unseasoned’: Gee Scott roasts Velveeta lovers ahead of Super Bowl Sunday

If you’re looking for a Super Bowl Party where the hosts are serving Velveeta, you won’t find it at Gee Scott's house.

3 days ago

...

MyNorthwest Video

Video: Tesla is the Most Driven Car in Washington?

Tesla has passed Subaru as the most overrepresented car in Washington state. And before you start to go off about “driving a Tesla means you support Trump,” Gee Scott has something to say about that. Listen to Seattle’s Morning News w/ Charlie Harger every weekday at 5am on KIRO Newsradio 97.3 FM or go to […]

5 days ago

Image: A sign from the city of Seattle ordering the removal of private property from the city's str...

Charlie Harger

‘A place where new stories begin:’ Faith-based groups offer help, recovery paths to homeless

Faith-based organizations in Seattle and the Puget Sound region conduct outreach, offering blankets and also a path to recovery to homeless people.

10 days ago

...

MyNorthwest Video

Video: Donald Trump’s Response to the Deadly Plane Crash

The SMN crew responds to Donald Trump’s address to the nation following the deadly mid-air collision of an American Airlines jet and an Army helicopter in Washington, D.C., killing 64 people on board. Listen to Seattle’s Morning News w/ Charlie Harger every weekday at 5am on KIRO Newsradio 97.3 FM or go to MyNorthwest.com to […]

11 days ago

Why you should care about the difference between a password and a passkey