The Dawn of Passkeys: Evaluating a Passwordless Future
DOI:
https://doi.org/10.5281/zenodo.10697886Keywords:
Passkeys, Authentication, Passwords, Biometrics, Cryptography, Phishing, Security, Privacy, Accessibility, AdoptionAbstract
For many years, passwords have dominated online authentication; but, due to their shortcomings—such as poor memorability, susceptibility to phishing attacks, and hacking—more secure solutions are being sought after. Passkeys are a new technique that provides password-free authentication via public key cryptography. This study assesses passkeys as a possible replacement for passwords and a means of achieving a future where passwords are less common. An outline of the main ideas is given in the abstract. The first section of the article gives background information on the current widespread use of text passwords, including data on the billions of passwords in use worldwide and their inherent security vulnerabilities that frequently result in data breaches. The fundamentals of passkey technology are then covered, along with how it works differently from passwords by leveraging secure token-based authentication and technical implementation details utilizing WebAuthn standards. The numerous benefits that passkeys have over passwords are a main area of emphasis. Many dangers, such as phishing, offline cracking, and password reuse across websites, are eliminated using passkeys. Better convenience without password fatigue is advantageous to users. The method also increases privacy as it does not use password databases. Password resets result in improved security and lower expenses for businesses. There are still issues, such as the inertia of user acceptance, restrictions on things like device mobility, and susceptibilities to social engineering attempts. These drawbacks and open problems with passkey authentication approaches are examined in this work. The study examines future projections of how passkeys, if extensively used, would change online security and affect cybercrime rates. More general ramifications are talked about, such as the need for user education on passkeys and changing societal perceptions of password use. Given present technology and behavior, there are still unanswered questions regarding the prospects for a completely Passwordless future. The study concludes by summarizing the main conclusions drawn from the evaluation of passkeys, including both their advantages over passwords and continuous drawbacks. To ease the shift to more passkey-based authentication, suggestions are given for more study and practical implementation. Although passkeys hold potential as a new foundation for online identification and security, passwords won't vanish overnight.