Best Practices for Passkeys


Passkeys are a groundbreaking new concept set to revolutionize and build upon current ideas about two-factor authentication.

Instead of typing a password, you can now use a device or password manager to sign in instantly to the sites you visit frequently.

With new paradigms come best practices on how to better manage your passkeys, which we've gathered here for your reference.

  • Treat your device as your key - This is already the case if you store passwords on your phone or mobile device, but your passkeys are only as secure as the device on which they're stored. Bad actors can't phish or recreate your passkeys, so their only option is to try to steal or gain access to your device. Make sure your device is safe and protected by a strong passcode, which you shouldn't share with anybody.
  • Remember which device houses your passkeys - To make accessing your sites easier, you'll want to remember which devices you have designated for different passkeys. Some users may prefer to keep all of their passkeys on a single device, so they know which passkeys need to be regenerated if that device is lost.
  • Try to choose passkeys when available - Passkeys have encryption tools that allow for better security. A thief will never be able to guess a passkey, as it is tied strictly to your device.
  • Make sure your browser and devices are up-to-date - To use passkey features, your internet browser and device must be updated to supported versions. Published requirements of passkeys include:
    • Computers running at least Windows 10, macOS Ventura, or ChromeOS 109
    • Mobile devices running at least iOS 16 or Android 9
    • Hardware security keys that support the FIDO2 protocol
    • Browsers running at least Chrome 109, Safari 16, or Edge 109 (other browsers may be supported)
    • Devices with screen lock and Bluetooth enabled
    • Apple devices with biometric options like fingerprint or face scanning enabled