Contributed by: GregC, FreeTaxUSA Security Manager
Imagine if you didn’t have to remember or keep track of passwords for all of your accounts! Many online sites are starting to offer a “passwordless” way to securely login to your online accounts called passkeys. Passkeys can be an easier and more secure way to login online than the traditional username and password. FreeTaxUSA will start offering passkeys as an option to passwords starting in calendar year 2025. So, what are passkeys and how do they relate to passwords?
What problems come with passwords?
Creating, remembering, and using unique and strong passwords on every account is really hard to do. The result is we often reuse the same weak passwords on multiple sites or write down passwords in an unsecure location like sticky notes on the monitor for everyone to see. Using a password manager is one way to alleviate that problem. Check out our article about password managers for more information. An additional and even more secure method is the use of passkeys.
What are passkeys?
Passkeys are a new kind of login credential that replaces passwords. Passkeys don’t have to be memorized and there are no “weak” passkeys. Also, passkeys can’t be stolen in a data breach. When passkeys are implemented correctly you don’t have to type anything out. You simply need an authenticator, usually your phone, tablet, or computer. You use biometrics such as your face or fingerprint to authenticate yourself to the device. Then, the device authenticates you to your sites.
What are the advantages of passkeys?
- Passkeys are strong by default. Your authenticator automatically generates a strong public-private key pair for each site where you use passkeys.
- The private key is stored on your authenticator device and is retrieved automatically. It never leaves the device.
- Your public key cannot be used to figure out your private key. If a hacker compromises a website all they can get is your public key.
- Without physical access to your authenticator device AND a way to unlock it, hackers can’t login to any of your passkey protected accounts.
- Passkeys don’t have to be remembered so you never have to reset a password for your account.
- Passkeys are phishing resistant. Passkeys protect you from fake websites designed to steal your credentials. During authentication, your private key is never shared with the website.
- Not every website offers passkeys as an option yet, but more and more are starting to offer them every day. FreeTaxUSA will be offering passkeys as a login option starting in calendar year 2025.
Wrapping it up
Though it may take a while to become widely used, passkeys are a promising solution for passwordless authentication that has many advantages over traditional passwords. Industry leaders such as Microsoft, Google, Apple, and 1Password are actively promoting a transition to passkeys. FreeTaxUSA is excited to be at the forefront of this solution starting in 2025.
