How This Cybersecurity Technology Could Replace Passwords

BY BEN SHERRY, STAFF REPORTER @BENLUCASSHERRY

It's disappointing, but perhaps not surprising, that the most commonly used password on the internet is "password," followed by "123456," according to research conducted by NordPass. Passwords have always created something of a paradox: A simple code might be easily guessed or hacked, but a complex one is harder to remember. Now, tech companies are championing new "PassKey" technology, which utilizes biometric data in lieu of passwords, as the future of cybersecurity. 

But what exactly separates PassKeys and passwords? According to Ieva Soblickaite, chief product officer at NordPass, traditional passwords are stored in at least two locations; your head, and the servers of the vendor where you've set up an account. These servers are often hacked, and your password can easily be exposed, leaving you vulnerable to cyber attacks. 

With PassKey technology, creating a new account starts with two keys, both made up of long combinations of letters and numbers. One is a "public key," which is stored on the vendor's server and essentially serves as your "username," meaning it has no value to hackers. The other key is an encrypted "private key," which is kept on your personal device. When you attempt to log in to a website or app protected with PassKey tech, the public key will send a "challenge," essentially a math problem that can only be solved by the private key. After verifying your biometric data via a face or fingerprint scan, the private key is given the go-ahead to solve the challenge issued by the public key, and unlock access to your account. 

In addition to being more secure, this method essentially eliminates hackers' ability to perform phishing scams, as individuals don't even know their own passwords. The tech is already being implemented at major companies including PayPal, Kayak, and eBay, and Soblickaite says the tech could be a major boon for e-commerce businesses, as they usually rely on passwords to keep their customers' personal data and credit card information safe, but also run the risk of losing out on business if those customers forget their passwords. 

While Soblickaite says that Apple, Google, and Microsoft are already introducing PassKey technology to their devices, it will still be a little while before the tech fully replaces passwords, as 20 percent of personal devices used worldwide don't have access to biometric data, and there will always be holdouts who don't want to give up their original passwords. 

Soblickaite adds that business owners interested in implementing PassKey technology at their workplaces should be sure to verify that their tech is certified by the Fast Identity Online Alliance (or FIDO), which worked with the major tech companies to develop standards for the use and implementation of PassKeys. 

Photo Credit: Getty Images.