When you log in to one of your internet accounts, you are increasingly likely to be offered the option of setting up a so-called “Passkey” instead of a password. This is a new procedure that, according to the German Federal Office for Information Security (BSI) and the consumer advice center, fundamentally improves security online. But even the new procedure has its pitfalls.
What are Passkeys?
Passkeys are a kind of two-part master key for your own accounts, email accounts or banking apps. They are designed to improve protection against hacker attacks and data theft. “If an online service offers you the option of registering with a passkey, this represents an increase in security and convenience for you,” writes the German Federal Office for Information Security (BSI). A special program is needed to create them. Once you have set up a passkey for an account, you can log in there using a fingerprint, facial scan or PIN. The private part of the passkey is stored on the device, the public part with the online service. For each request, a complex cryptographic procedure checks whether the two parts match. Passkeys cannot be stolen and each one protects a single account. This means that a single hacker attack can no longer compromise multiple accounts.
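The matching check described above, sketched as an added example that is not part of the original article or of any BSI material: the service keeps only the public part and sends a random challenge, and the device answers by signing it with the private part. This is a simplified model rather than the real WebAuthn message format, and the names `createPasskey`, `signChallenge`, `Service` and the accounts "alice" and "bob" are assumptions made for the illustration.

```javascript
// Simplified model of a passkey login; real WebAuthn messages carry more fields.
const crypto = require("node:crypto");

// Device side: a fresh key pair per account. The private part stays on the device.
function createPasskey() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Device side: after the fingerprint, face scan or PIN unlocks the key,
// the device signs the service's challenge with the private part.
function signChallenge(passkey, challenge) {
  return crypto.sign("sha256", challenge, passkey.privateKey);
}

// Service side: stores only public parts and issues one-time random challenges.
class Service {
  constructor() {
    this.publicKeys = new Map(); // account -> public part of the passkey
    this.pending = new Map();    // account -> challenge awaiting an answer
  }
  register(account, publicKey) { this.publicKeys.set(account, publicKey); }
  newChallenge(account) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(account, challenge);
    return challenge;
  }
  verifyLogin(account, signature) {
    const challenge = this.pending.get(account);
    const publicKey = this.publicKeys.get(account);
    this.pending.delete(account); // a challenge can be answered only once
    if (!challenge || !publicKey) return false;
    return crypto.verify("sha256", challenge, publicKey, signature);
  }
}

// Constructed scenario: the account names are made up for this example.
function demo() {
  const service = new Service();
  const alice = createPasskey();
  const bob = createPasskey();
  service.register("alice", alice.publicKey);
  service.register("bob", bob.publicKey);
  const first = signChallenge(alice, service.newChallenge("alice"));
  const ok = service.verifyLogin("alice", first);
  service.newChallenge("alice");
  const replayed = service.verifyLogin("alice", first); // old answer, new challenge
  const otherKey = service.verifyLogin("alice", signChallenge(bob, service.newChallenge("alice")));
  return { ok, replayed, otherKey };
}
```

Calling `demo()` returns which of the three logins the service accepts: the fresh answer, a reused answer, and an answer signed with another account's passkey.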
What are the problems?
If you store your passkeys on your cell phone, you also need the cell phone to carry out transactions or log in to a passkey-protected account. Even if you want to log in with your PC instead of your cell phone, you have to configure special settings for this. It becomes quite difficult if the smartphone is lost, for example because it was stolen. If you have not saved any local backup copies or synchronized the passkeys in a cloud, you will have to create new passkeys. However, the BSI also writes: “In rare cases, you may still not be able to log in after losing your device. Then you have to contact the provider and restore the account.”
Further information:
BSI | Passkeys
Consumer advice center | Passkeys