
Passwords Are Out, It’s Time for Passwordless With Passkeys in 2025!

If you haven’t already started using passkeys for your business and personal apps, then you should. With Microsoft and other global leaders moving us away from passwords, they are inevitable. Here’s what you need to know about them.

Passkeys are the evolution of access management and account security. Passkeys offer a passwordless way to authenticate users.

The current methods of using passwords and standard multi-factor authentication (MFA) are simply not good enough. Let’s briefly discuss why:

  • What’s wrong with passwords? Passwords can be weak for many reasons, not least because we as people tend to choose weak passwords and share them across platforms. It’s just easier for us to remember, but unfortunately this makes them easy to guess.
  • Microsoft say they block over 7000 password attacks a second!
  • Issues with MFA? Password attacks are so prevalent for online systems that using MFA is a MUST. It has taken a long while to get here, too long, and some sites still don’t even have this capability! Unfortunately, even MFA has its problems, and once again this is primarily because it comes back to us as people making a decision. We have our MFA code but are all too quick to give it away, to share it with someone online or over the phone, or to just blindly acknowledge that popup on our phone after it requests our approval for the 10th time.

Understanding Passkeys:

Passkeys rely on public-key cryptography and FIDO Alliance standards. The key points of how they operate are:

  1. Website/Application: The URL of the site you are setting up your passkey for is used as an ID (Party ID) to confirm you are on the correct website. For example, if you had a passkey for Microsoft.com but went to micros0ft.com, the Party ID would not match that of the real Microsoft.com website. The Party ID MUST match, which defeats attackers who direct people to fake websites.
  2. Authenticator: This is a piece of software or hardware that stores your private key for use as a passkey. It could be a YubiKey, Microsoft Authenticator, a TPM or another device or piece of software. It needs to be able to connect to the device you use to access the website/application. The connection could be via USB, built-in, or wireless through NFC, Bluetooth, etc. The key point is that the Authenticator is in close proximity to the connecting device.
  3. Login: When you choose to log in to a website/application with your passkey, you simply initiate the passkey. Some require a fingerprint, a 4-digit PIN or the press of a button; the point is that the user MUST perform a deliberate action. The passkey uses asymmetric (public-key) cryptography, where there is a public and a private key, and it is the private key that is stored on the Authenticator.
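The three points above can be seen working together in the following added example, which is not part of the original post. It is a simplified model of a passkey login using Node's built-in crypto module; the `Authenticator` class, `verifyLogin`, the message layout and the domains `shop.example` and `sh0p.example` are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator: one key pair per Party ID; the private key never leaves this object.
class Authenticator {
  keys = new Map();
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public key is sent to the website
  }
  // The browser supplies the origin of the page the user is really on.
  sign(origin, challenge, userApproved) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null;   // no passkey exists for this Party ID
    if (!userApproved) return null; // no deliberate user action (touch, PIN, fingerprint)
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01])]); // 0x01 = user present
    const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), privateKey);
    return { clientData, authData, signature };
  }
}

// Website: checks the challenge, origin, Party ID hash, user-present flag and signature.
function verifyLogin(assertion, expected, publicKey) {
  if (!assertion) return 'no-assertion';
  const { clientData, authData, signature } = assertion;
  const client = JSON.parse(clientData.toString());
  if (client.challenge !== expected.challenge) return 'wrong-challenge';
  if (client.origin !== expected.origin) return 'wrong-origin';
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'wrong-party-id';
  if ((authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authData, sha256(clientData)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const challenge = crypto.randomBytes(16).toString('base64url');
  const expected = { origin: 'https://shop.example', rpId: 'shop.example', challenge };
  const key = new Authenticator();
  const publicKey = key.register(expected.rpId);
  return {
    genuine: verifyLogin(key.sign(expected.origin, challenge, true), expected, publicKey),
    lookalike: verifyLogin(key.sign('https://sh0p.example', challenge, true), expected, publicKey),
    noTouch: verifyLogin(key.sign(expected.origin, challenge, false), expected, publicKey),
  };
}
```

On the look-alike domain the authenticator has no key to sign with, so there is nothing for the user to hand over, which is the difference from a password or an MFA code.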

The Benefits of Passkeys:

  • Phishing-Proof: Passkeys only work on the app or site they’re created for, blocking fraudulent attempts. The device being used must also be in close proximity to the passkey.
  • User-Friendly: No more remembering passwords—signing in is fast and seamless.
  • Stronger Security: Private keys stay on the user’s device, eliminating risks from server breaches.
  • Cost-Efficient: Fewer password resets and lower support costs.
  • Flexible: Passkeys work across platforms, from Windows to iOS, Android, and beyond.

 

End-to-End Cyber Security

The security demands for organisations are changing, with identity management, compliance and cyber insurance being key motivators for bolstering cyber security controls. At Data Connect, we understand our customers’ challenges, while analysing the threat landscape and reviewing cutting-edge technology to provide a renowned quality of service. Our team of seasoned security professionals, including a dedicated SOC team, certified network engineers and skilled Cyber Essentials assessors, bring a wealth of practical experience and in-depth knowledge. By working with Data Connect, you can rest assured that you’ll have access to the best technology and an experienced team. 

We offer end-to-end cyber security services, whether that is related to cyber risk, technology selection or managed cyber security services.

Have a cyber security question? Talk to one of Data Connect’s cyber security experts.
