Why Passkeys Are Replacing Passwords and How to Implement Them for Your Business
The need for increased online security is real – this is not a drill. There has been discussion for years about eliminating the need for passwords and replacing them with something more secure. One way that many sites are working to increase security is by using Passkeys instead of passwords.
Many of the sites I log into every day are starting to push the use of Passkeys in order to log in. In time, I think most sites will offer the option of Passkeys instead of, or in addition to, strong passwords or Multi-Factor Authentication (MFA).
What’s a Passkey and how does it work?
A passkey is a new, easy way to sign in to your accounts online without having to remember a password. Instead of typing a password, you use something like your fingerprint, face scan, or a device PIN to prove who you are. This makes logging in faster and safer, because passkeys are much harder for hackers to steal or guess.
Why Use a Passkey?
Once set up, Passkeys offer the user the option of signing in with a fingerprint, facial recognition or a PIN. Signing in can be much quicker and more secure. Passkeys are more resistant to hackers. As a consumer, I like the idea of more security for my online accounts.
As a business, I’m noticing a dramatic rise in the number of attempted logins to my business site. I started thinking about how I might implement this new type of security on the admin portion of my own website, so I went looking for some answers.
Adding Passkey Sign-in for Site Admin
Implementation of Passkeys for the admin portion of your business website depends on what your website is built with:
- WordPress – There are plugins that handle this with no coding required.
- Custom-built (PHP, Python, Node.js, etc.) – Use a WebAuthn/FIDO2 library.
- Shopify, Squarespace, Wix, etc. – Not typically available for site owners, since login is managed by the platform itself.
Admin Passkeys In Use
There are some important considerations to plan for when implementing Passkeys for the admin portion of your website, including:
- Allowing the use of either Passkeys or Multi-Factor Authentication (MFA). This is helpful if you need to log in from an unknown device (like getting a new phone or tablet).
- Testing to ensure that the Passkeys work correctly.
- User experience and storage of biometric data.
- Account Recovery – what happens if a device is lost or stolen?
- Cross Platform Syncing – most of us use more than one device.
- Browser support – the Passkey should function properly regardless of the user's browser.
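For a custom-built admin login, the browser-support and MFA-fallback points above can be handled with a capability check before the login form is rendered. The following is an added example, not code from the original post: the function names chooseAdminSignIn and probe and the method labels are assumptions, while the PublicKeyCredential calls are the standard WebAuthn browser API.

```javascript
// Added example: decide which sign-in options an admin login page should show.
// `env` is the browser's `window` in production; any object with the same
// shape can be passed in for testing.

// Run one capability check. A missing method or a rejected promise both
// mean "not available", so the page degrades instead of breaking.
async function probe(check) {
  try {
    return Boolean(await check());
  } catch {
    return false;
  }
}

async function chooseAdminSignIn(env) {
  const pkc = env ? env.PublicKeyCredential : undefined;

  // WebAuthn is missing in old browsers and is only exposed on HTTPS pages.
  // Keep password + MFA available so the admin is never locked out.
  if (!pkc || env.isSecureContext === false) {
    return { methods: ["password+mfa"], autofill: false };
  }

  // Fingerprint, face scan or device PIN on this device.
  const builtIn = await probe(() => pkc.isUserVerifyingPlatformAuthenticatorAvailable());
  // Whether passkeys can be offered in the username field's autofill list.
  const autofill = await probe(() => pkc.isConditionalMediationAvailable());

  const methods = [];
  if (builtIn) methods.push("passkey-this-device");
  // A security key or a phone can still be used where nothing is built in,
  // and MFA stays last as the fallback for an unknown or replaced device.
  methods.push("passkey-other-device", "password+mfa");
  return { methods, autofill };
}
```

In the page itself this would be called as chooseAdminSignIn(window), with the returned methods list deciding which buttons to render.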
