October 03, 2024
Goodbye Passwords, Hello Passkeys!
The Rise of Passkeys to Simplify Security Access.
It’s nearly impossible to avoid using passwords these days. It seems like everything requires one—unlocking my phone, my Wi-Fi, my email, and bank account all need passwords. Heck, there’s even a password to unlock my apartment complex’s parking lot gate before I leave for work in the morning. I need to use three passwords just to start my day!
(I still haven’t figured out a way to put a password on my leftovers in the fridge to keep pesky roommates out, but we’ll skip that for now.)
The first digital passwords were created in 1961, and they’ve been a staple of cybersecurity ever since. But here in 2024, I think passwords have really started to show their age. Password crackers used by hackers have become so advanced in recent years, especially with the rise of artificial intelligence, that it’s quite concerning.
For example, a six-character password that includes numbers, uppercase and lowercase letters, and symbols can be cracked almost instantly by targeted scripts. Of course, longer passwords improve security: a ten-character password with the same features might take up to 5 months to crack, but this is still relatively quick.
Besides the ease with which passwords can be breached, let’s not forget the difficulty of memorizing, storing, and routinely changing them. I don’t know about you, but I’ve signed up for way too many services over the last 5 years to create a unique password for each one. I’ve resorted to using a password manager to keep track of all this data.
What are Passkeys?
When you register an account on a public website or app, the 'Register with Passkey' option generates a public-private key pair that is linked to your device. The website or app stores the public key, while the private key never leaves your device, ensuring it remains secure. Your device uses this private key to respond to authentication challenges from remote servers, eliminating the need for you to remember a traditional password.
Unlike traditional passwords, which are sent over the internet to authenticate your identity, passkeys work differently. When you attempt to log in, the remote server sends a challenge to your device. Your device uses the private key to respond to this challenge, and the server verifies the response using the public key. If a hacker intercepts your public key, it is useless without the private key stored on your device.
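The challenge-response flow described above can be sketched in a few lines of Node.js. This is an added illustration, not code from any passkey vendor or from the WebAuthn specification: the function names are hypothetical, and it leaves out everything a real passkey exchange adds on top of the signature.

```javascript
// Added illustration: simplified passkey-style challenge-response.
// Function names are hypothetical; this is not the WebAuthn wire format.
const crypto = require('node:crypto');

// Registration: the device creates the key pair and hands over only the public key.
function registerDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server side: a fresh, unpredictable challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device side: sign the challenge with the private key that stays on the device.
function signChallenge(device, challenge) {
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Server side: accept only a valid signature over the challenge it just issued.
function verifyResponse(serverRecord, challenge, signature) {
  return crypto.verify('sha256', challenge, serverRecord.publicKey, signature);
}

function demo() {
  const { device, serverRecord } = registerDevice();

  // Normal login: the registered device answers the server's challenge.
  const first = newChallenge();
  const response = signChallenge(device, first);
  const legitimate = verifyResponse(serverRecord, first, response);

  // A captured response does not answer a later challenge.
  const second = newChallenge();
  const replayed = verifyResponse(serverRecord, second, response);

  // A signature from any other private key fails against the stored public key.
  const otherDevice = registerDevice().device;
  const wrongKey = verifyResponse(serverRecord, second, signChallenge(otherDevice, second));

  return { legitimate, replayed, wrongKey };
}

console.log(demo());
```

Nothing the server stores or receives here is a reusable secret, which is the difference from a password sent over the network.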
So why isn’t everyone using passkeys already?
Companies like Google, Microsoft, and Apple are familiar with this form of authentication and have used it internally for years. The challenge lies in how to introduce passkeys to the public in a way that is well-received and widely adopted. The fact that you’re reading this blog post to learn more about passkeys indicates that many people are still unfamiliar with how they work. Hopefully, we’ll see more educational campaigns from these companies soon to help raise awareness.
Whether you use passwords or passkeys, one thing is certain: cybersecurity is a constant battle to stay safe online.