Passwords

Passwords are a digital key that is entered along with a username to access a website. They were first used by Fernando Corbató, a computer scientist at MIT in 1961 to allow multiple users to login to an early operating system. Passwords are created by the user and involve a string of characters typically uppercase and lowercase letters, numbers, and symbols. Remembering multiple complex passwords can be challenging which leads many users to choose simple passwords and reuse passwords for multiple accounts.

Passwords are vulnerable to being guessed, shared, stolen, and forgotten making them less secure than passkeys. Password security depends on confidentiality. If a password is compromised it can result in unauthorized access to your online accounts.

Passkeys

Passkeys are more secure than passwords, they offer greater protection against hackers, theft, malware and phishing scams. Unlike passwords that must be remembered and manually created, passkeys are generated automatically using cryptography which splits credentials into two parts so even if one of the keys was somehow stolen it would be useless without the matching key.

Passkeys were designed to replace traditional passwords. You use your phone or another supported device to prove your identity before being granted access to your account. They use biometric authentication, which can include facial recognition or a fingerprint, a swipe pattern or a PIN.

Since passkeys are a relatively new technology not every website offers them and even those that do don’t always disable the password option, this leaves your account vulnerable to hacking, but as the technology is more widely used passwords may eventually become a thing of the past.

For each website you use enable the strongest security settings offered. When using the password option use a password manager to store your information. Most password managers offer a generator that will create a long, strong, complex password for you to use. Never use the same password twice and change your password several times a year or anytime there is a data breach, or you believe your password may have been compromised. If a site does not offer a passkey option but supports MFA (multifactor authentication) use it. MFA adds an additional layer of security to your account requiring you to provide 2 or more forms of authentication before being granted access to your account.