Technology

Why this tech is better than passwords, and how to switch

Why this tech is better than passwords, and how to switch

A password sign is seen on a keyboard in Ankara, Turkey on October 26, 2017.

Aytac Unal | Anadolu Agency | Getty Images

There’s a safer way to log in to apps and websites that removes the need to use passwords. It’s called a passkey, and companies such as Microsoft, Amazon, Apple and Google, among many others, have already adopted the new technology.

Unlike a password, a passkey relies on a string of encrypted data stored in your phone or laptop and verification from you, through a face scan, a fingerprint scan or a PIN code, to access a website or app. There’s no exchange of a password at all.

“A passkey is a FIDO credential stored on your computer or phone, and it is used to unlock your online accounts,” Google wrote in an October blog post, referring to the new standard developed by the Fast IDentity Online, or FIDO, Alliance. “It works using public key cryptography and proof that you own the credential is only shown to your online account when you unlock your phone.”

The move toward passkeys comes as our digital privacy gets harder to protect, particularly as people need to remember more and more passwords. A recent Pew Research survey showed that almost 70% of Americans are stressed about the number of passwords they need to remember.

Companies also have an incentive to adopt passkeys. When their customers fall victim to cyberattacks, companies can face expensive bills, or sometimes millions of dollars in fines if customer data is affected, to clean up the mess. Passkeys can cut the odds of that happening.

“The main thing they’re about is preventing somebody over the internet from stealing your passwords through phishing,” Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, told CNBC.

Hoffman-Andrews said passkeys are better than passwords even if you use a password manager, which helps you keep track of all your logins, because those apps often let you copy/paste a password. “If a phisher can trick you into copy/pasting, game over. With the passkey, it won’t let you copy/paste it.”

Phishing is a fraud in which attackers try to trick people into giving out personal information, often through phone calls or emails, and then use that information to access an account.

“Password-based attacks are becoming easier and easier and more and more common,” said Steve Won, chief product officer at 1Password, which has adopted passkeys.

Bottom line: Passkeys are better than passwords at protecting your personal information.

I set up passkeys for myself on Google, Amazon and Apple in just a few steps, so I’ll show you how to do the same. Make sure you own the device on which you’re setting up a passkey. I created the passkeys using my iPhone, but you can do it from a computer or Android phone by following similar steps.

How to set up a passkey for your Google account

Passkeys are a new way to log in to your online accounts.

Jake Piazza | CNBC

  • Open your browser, navigate to https://myaccount.google.com/ and log in.
  • Choose “Security.”
  • Select “Passkeys” under the section “You can add more sign-in options.”
  • Type in your password to verify that it is your account.
  • It will take you to a page that says “Create a passkey.”
  • You’ll get an overview of passkeys, and Google will ask if you want to use a face scan (Google says there are also fingerprint and PIN options).
  • If you choose a face scan — as I did, since I was using my phone — press “Continue” and look into the camera.
  • Once it scans your face, it will say “Passkey created.”
  • The next time you log in, Google will ask if you want to use your passkey. Press continue to scan your face and then you’ll be logged in.

How to set up a passkey for your Amazon account

  • Go to Amazon’s website and log in as usual.
  • Tap your name on the top-right of the page to open a drop-down menu.
  • Go to “Your Account” and choose “See all account.”
  • Then go to “Account Settings” and select “Login & security.”
  • Press “Set up” on the bar that says “Passkey.”
  • Press the yellow bar that reads “Set up.”
  • I was again using my phone, so it prompted me to use a face scan to create the passkey. Press “Continue.”
  • Next time you sign in to Amazon, it will ask if you want to sign in with a passkey.

How to set up a passkey for your Apple account

You can sign in to your Apple ID with a passkey.

Jake Piazza | CNBC

What if you lose your passkey?