Bar none, the most common method of authentication is a password. The problem is passwords are also one of the weakest. Passwords are often easy to guess or steal. Hackers know that ‘123456’ is the most used password in the world, so they can crack it in the amount of time it takes to type it in. Also, many people use the same password across several accounts, making them vulnerable to cyber-attacks. Crack one and you crack them all.

Workers typically juggle a lot of passwords, and that can lead to bad habits that make it easier for criminals to breach those credentials, such as creating weak passwords and storing passwords in a non-secure way.

61% of all data breaches involve stolen or hacked login credentials.

A better solution has emerged in recent years: passkeys, which are more secure than passwords. They are also a more convenient way to log in to your accounts.

What are passkeys and how do they work?

For each login attempt, a passkey generates a unique code which is created using a combination of information about the user and the device they are using to log in. The code is then validated by the server.

A passkey is a digital credential that is tied to the user account and the website or application one is attempting to access. A passkey allows someone to authenticate in a web service or a cloud-based account without the need to enter a username and password.

This authentication technology leverages Web Authentication (WebAuthn). This is a core component of FIDO2, an authentication protocol. Instead of using a unique password, it uses public-key cryptography for user verification.

The user's device stores the authentication key. This can be a computer, mobile device, or security key device. It is then used by sites that have passkeys enabled to log the user in.

What are the advantages and disadvantages of passkeys?

Advantages

Enhanced Cybersecurity

One advantage of passkeys is that they are more secure than passwords and much more difficult to hack. This is true especially if the key is generated from a combination of biometric and device data.

Biometric data includes things like facial recognition and retina or fingerprint scans. Device information includes things like the device's MAC address or location. This makes it much harder for hackers to gain access to your accounts.

Convenience

Another advantage of passkeys over passwords is that they are just more convenient, eating up less of the user’s time. With password authentication, users often must remember many complex passwords or use a Password Manager, which can be tedious and time-consuming.

People forget passwords all the time, and clicking on ‘Forget Password’ to reset one slows an employee down. Each time a person has to reset their password, the process takes an average of three minutes and 46 seconds.

This issue doesn’t exist with passkeys, which provide a single code that you can use across all your accounts, making it much easier to log in. It also reduces the likelihood of forgetting or misplacing your password.

Stops Credential Phishing Attacks

Credential phishing scams are among the most prevalent attacks. Scammers send emails that tell a user something is wrong with their account. The user clicks on a link that takes them to a disguised login page created to steal their username and password.

When a user authenticates with a passkey instead, this won’t work on them because they don’t have a username and password. Hackers would need the device used for passkey authentication to breach the account.
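The public-key sign-in described under "What are passkeys and how do they work?" and the phishing resistance described above, as an added example (not code from this page or from any passkey vendor): a simplified Node.js model of the WebAuthn challenge-response. The function names, the example.com and login.example.test origins and the reduced message layout are assumptions for illustration.

```javascript
// Added example: simplified model of a passkey (WebAuthn-style) sign-in, not the real wire format.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair; only the public key goes to the site.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, server: { rpId, publicKey } };
}

// Browser + device: the browser records the origin the user is really on, and the
// device signs authenticatorData || SHA-256(clientDataJSON). A real browser would not
// even offer this passkey on another origin; signing anyway models the worst case.
function signIn(device, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.concat([sha256(device.rpId), Buffer.from([0x05])]); // flags: UP|UV
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Site: check type, challenge, origin and rpId hash, then the signature itself.
function verifySignIn(server, expectedChallenge, expectedOrigin, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expectedOrigin) return 'bad-origin';
  if (!assertion.authData.subarray(0, 32).equals(sha256(server.rpId))) return 'bad-rp-id';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  const valid = crypto.verify('sha256', signed, server.publicKey, assertion.signature);
  return valid ? 'ok' : 'bad-signature';
}

// Constructed scenario: example.com is the real site, login.example.test the lookalike page.
function demo() {
  const site = 'https://example.com';
  const { device, server } = createPasskey('example.com');
  const challenge = crypto.randomBytes(32);
  const genuine = signIn(device, challenge, site);
  const phished = signIn(device, challenge, 'https://login.example.test'); // relayed challenge
  const rewritten = { ...phished, clientDataJSON: genuine.clientDataJSON }; // origin edited
  return {
    genuine: verifySignIn(server, challenge, site, genuine),
    phished: verifySignIn(server, challenge, site, phished),
    rewritten: verifySignIn(server, challenge, site, rewritten),
    replayed: verifySignIn(server, crypto.randomBytes(32), site, genuine),
  };
}
console.log(demo());
```

The site never holds anything secret: a response captured on the lookalike page fails the origin check, editing the origin afterwards breaks the signature, and an old response fails against a fresh challenge.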

Disadvantages

Passkeys are definitely forward-looking in authentication technology, but there are some issues that you may run into when adopting them right now.

Not Widely in Use

One of the main disadvantages is that passkeys are not yet widely adopted. It’s like having a 5G smartphone when all the cell towers near you are just 4G. Many websites and cloud services don’t have passkey capability yet, and still rely on passwords.

Until passkeys become more widely adopted, users may have to continue using passwords for some accounts. Juggling passkeys for some accounts and passwords for others could be slightly awkward.

Extra Hardware & Software Needed

Passwords are free and easy to use. You simply make them up as you sign up for a site – and then forget them.

You need extra hardware and software to generate and validate the codes for passkeys. This can be costly for businesses to put in place at first. But the Return on Investment (ROI) comes in the form of productivity and improved Cybersecurity. These benefits can easily outweigh the cost of passkeys.

Prepare Now for the Future of Authentication

Passkeys are more secure and convenient than passwords. They are more difficult to hack, and they provide a more convenient way of logging into your accounts. But they are not yet widely adopted, and businesses may need to budget for implementation.

Despite these challenges, passkeys represent a promising solution – a stepping stone to the future of authentication. Getting rid of weak, easily cracked passwords means less risk to the business.

Frequently Asked Questions

Q: Can a passkey be stolen?

A: According to authentication app developer ‘descope’, “The private key portion of the key pair used in passkey authentication cannot possibly be stolen or hacked. It doesn't exist anywhere on a server, and it requires a biometric scan to be accessed, so even stealing the device on which it's stored would not amount to stealing the key outright.”

Q: What is the difference between passkey and multifactor authentication?

A: A passkey can replace both a password and an OTP (e.g. a 6-digit SMS code), delivering very strong protection against phishing attacks and avoiding the UX tedium of SMS or app-based one-time passwords. As such, it can meet standard multifactor authentication requirements in a single step.

Q: Are passkeys encrypted?

A: Yes. Passkeys consist of a long private key (a long string of encrypted characters) created for a specific device. Websites cannot access the value of the passkey.

Q: Who uses passkey?

A: Some of the notable websites that support passkeys are Google, Best Buy, eBay, Cloudflare, PayPal and Kayak.

‘1Password,’ a password manager company, maintains a site called Passkeys.directory that has a list of some sites that currently support passkeys as a sign-in and/or multifactor authentication method.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defenses are expert Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Do You Need Help Improving Your Identity & Access Security?

Multi-factor authentication alone isn’t enough. Companies need several layers of protection to reduce their risk of a cloud breach.
