More and more smartphones support passkeys: a way to log in without needing a password. It’s not only easier, but also safer.

Since we have internet, we log in with a username and password. This sequence of letters and numbers has become longer and more complex over the years to improve security. Yet the password remains the weakest link, as it is only a matter of time before it is leaked or stolen.

The two-step verification was therefore created as an additional security. After entering your username and password, you will receive an SMS with a code, for example. With this code you can log in. Yet it is also a vulnerable system, says Tanya Wijngaarde of the Fraud Help Desk. “At the moment it’s just a matter of making do,” says Tanya Wijngaarde of the Fraud Helpdesk. But security keys are a good solution, according to the fraud expert.

Login with fingerprint

With a password, you do not log in to e-mails with a username and password, for example, but via your smartphone. You authorize the connection via your phone by means of facial recognition or a fingerprint. Sometimes you can also use your phone’s PIN to log in. Remembering a password is therefore no longer necessary. An access key automatically provides two layers of security. You physically need your smartphone and you need to confirm with your body that it is you.

With the obsolescence of username and password, the risk of data theft also disappears. It is precisely these that are stolen during phishing. For example, if you enter your details on a malicious website. This is no longer possible with a password. Each access key is unique and only works on this website. The Fraud Helpdesk is enthusiastic: “This is the best protection against phishing.”

Passkey also has disadvantages

Such new technology stands or falls with the devices and services that support it. This seems to be going in the right direction with security keys, as Apple, Google, Microsoft, and Amazon are working together on this. They have all joined the trade association FIDO, which has developed security keys. All iPhones with iOS 16 support the technology and the latest versions of Android are also ready.

A downside of security keys is that you’re still relying on another device to log in. This is why it is extremely important to make a backup in the cloud, so that you can always access it, explains the Fraud Helpdesk. You can store the various passwords with Apple or Google, or use a third-party password manager.

Unfortunately, you can’t just throw all your passwords in the trash just yet, because not all websites, apps, and services support the new security method. It will still take time. “It’s a shame,” says Wijngaarde. In particular, a few major American parties participate. But a start was also made in the Netherlands. Recently, Dutch people can log in to their Google account with a password. Setup is easy. Go to your Google account settings. Under “Security”, click on “Access keys”. You will then need your smartphone to sign in to your Google account from now on.

Tips for secure passwords You won’t be able to use Passkeys everywhere, so passwords will still be required for your online accounts for now. To do this, follow these tips: – A longer password is more secure, so set an easy-to-remember passphrase. – Set one with each service single password so that malicious parties cannot access all your accounts after a data breach. – Use a password managerlike 1password or Bitwarden, to create and store unique passwords. – Define if possible two-step verification as a second layer of security.

