A simple question posed by a user on a tech forum a few weeks ago: “How can a four-digit PIN be more secure than a complex password?”
This was enough to ignite an ongoing debate between cybersecurity specialists and ordinary users about passkey technology, which is being adopted today by major companies and official bodies such as the UK's National Cyber Security Centre as the most worthy successor to traditional passwords.
The confusion is understandable, and the question is legitimate, but the answer requires understanding the weaknesses of traditional passwords before judging the new alternative.
Weaknesses in passwords
The fundamental problem with passwords lies not in the user but in the mechanism itself. Passwords are based on the “shared secret” principle: the website has to be able to verify the password the account holder uses. And here lies the problem, because any data associated with login can become a target for cyberattacks.
Whether through database breaches or through phishing attacks, which trick users into revealing their data, passwords remain vulnerable to theft and reuse by attackers, most of the time without their owners' knowledge.
How do passkeys achieve greater protection?
Passkeys work differently. Instead of relying on a shared secret, the user’s device keeps what is known as the “private key” locally, and it never leaves the device. When you log in, the device uses advanced cryptographic techniques and sends the result to the site to verify the user’s identity, without revealing the key itself.
This mechanism means that hacking a website does not give attackers the ability to obtain or reuse users’ passkeys. The technology also provides greater protection against phishing attacks, which usually rely on stealing traditional passwords.
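The login flow described above, as an added example that is not part of the original article: a simplified challenge-response in Node.js in which the site stores only a public key and the device signs a fresh challenge together with the origin it sees. It is a reduced model of the idea, not the full WebAuthn protocol; the origins, the `alice` account and all function names are hypothetical.

```javascript
// Added illustration: simplified passkey-style login, not the full WebAuthn protocol.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Device: the key pair is created locally; only publicKey is ever sent to the site.
const createPasskey = () => generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device: sign the server's challenge together with the origin the browser sees.
function signLogin(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server: a fresh random challenge for every login attempt.
const newChallenge = () => randomBytes(32).toString('hex');

// Server: check the signature with the stored public key, then challenge and origin.
function verifyLogin(storedPublicKey, expectedChallenge, expectedOrigin, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!verify('sha256', data, storedPublicKey, assertion.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

// Constructed scenario: hypothetical origins, keys generated on the fly.
function demo() {
  const SITE = 'https://bank.example';
  const device = createPasskey();
  const serverDb = { alice: device.publicKey }; // all the site stores for this user

  const c1 = newChallenge();
  const first = signLogin(device.privateKey, c1, SITE);
  const genuine = verifyLogin(serverDb.alice, c1, SITE, first);

  // Look-alike page relays a real challenge; the device signs the origin it sees.
  const c2 = newChallenge();
  const lured = signLogin(device.privateKey, c2, 'https://bank-login.example');
  const phished = verifyLogin(serverDb.alice, c2, SITE, lured);

  // The earlier, valid assertion presented again against a later challenge.
  const replayed = verifyLogin(serverDb.alice, newChallenge(), SITE, first);
  // A copy of serverDb holds no private key; a signature from any other key fails.
  const c3 = newChallenge();
  const forged = signLogin(createPasskey().privateKey, c3, SITE);
  const breached = verifyLogin(serverDb.alice, c3, SITE, forged);
  return { genuine, phished, replayed, breached };
}

console.log(demo());
```

Only the first attempt is accepted; the other three are rejected for the wrong origin, a stale challenge and a signature that does not match the stored public key.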
In practice, the user does not need to deal with these complex technical details, as passkeys are unlocked using a fingerprint, facial recognition, or a short personal identification number, which makes them easier for most people to use.

What happens when the phone is lost?
This is one of the most common questions asked by skeptics of the new technology. It is true that anyone who has the phone and knows its PIN may theoretically be able to access the passkeys stored on it, but this requires physical access to the device.
On the other hand, traditional passwords can be stolen remotely from anywhere in the world through various means, without the user immediately realizing it. Advocates of the technology therefore argue that the risk does not disappear completely, but that it becomes harder to exploit and less open to large-scale attacks.
Between security and ease of use
Despite the security benefits that passkeys provide, transitioning to them is not without challenges. Lost or malfunctioning devices may raise concerns for some users, and the multiplicity of digital security methods, from passwords and fingerprints to two-factor authentication and password managers, makes managing digital security more complex for some.
However, many experts agree that passkeys represent an important step toward reducing the risks associated with traditional passwords. With the increase in cyberattacks and the development of hacking methods, this technology appears to be a serious attempt to address the weaknesses that have accompanied passwords for decades, while providing a simpler experience for users.















