Skip to content

Commit

Permalink
Updating passkeys promo blog (#2947)
Browse files Browse the repository at this point in the history
* Updating passkeys promo blog

* Update astro/src/content/blog/why-passkeys-matter.mdx

Co-authored-by: Mark Robustelli <[email protected]>

* Update astro/src/content/blog/why-passkeys-matter.mdx

Co-authored-by: Mark Robustelli <[email protected]>

* Update astro/src/content/blog/why-passkeys-matter.mdx

Co-authored-by: Mark Robustelli <[email protected]>

---------

Co-authored-by: bradmccarty <[email protected]>
Co-authored-by: Mark Robustelli <[email protected]>
  • Loading branch information
3 people authored Mar 14, 2024
1 parent d8370c3 commit b198104
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
42 changes: 42 additions & 0 deletions astro/src/content/blog/why-passkeys-matter.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
publish_date: 2024-03-12
title: Why Passkeys Matter
description: The world needs a better solution than passswords. Passkeys improve security while also being easier to use.
image: /img/blogs/why-passkeys/why-passkeys-matter.png
categories: Education
authors: Brad McCarty
tags: authentication, passkeys
excerpt_separator: "{/* more */}"
---
24 billion. That's how many passwords hackers [exposed](https://us.norton.com/blog/privacy/password-statistics#:~:text=Before%20diving%20into%20the%20nitty,%2C%20weak%2C%20or%20reused%20passwords.) in a single year. That's a staggering enough figure, and even more sobering when you realize that it gets bigger each year. The fact is that passwords are the worst combination of user experience and security. The best ones are difficult to remember, changed often, and never reused. It's no wonder that nearly 85 percent of people [recycle passwords](https://bitwarden.com/blog/a-closer-look-at-password-statistics/#:~:text=Here%20are%20some%20of%20findings,and%20names%20of%20loved%20ones).

We need something better. Fortunately, [passkeys](/guides/what-is-a-passkey) are here as the answer. They're the replacement for passwords. As unlikely as the combination may seem, passkeys enhance security while making the user experience better.

## The Limitations of Passwords

If everyone followed best practices for passwords, we wouldn't need to have this conversation. Using only capital and lowercase letters, there are over 218 trillion possible password combinations. When you add numbers and symbols, that number increases exponentially. Seems secure enough, right?

But people aren't very good at creating passwords. Upwards of 13 percent of Americans [use the same password](https://explodingtopics.com/blog/password-stats) for every account. Only 37 percent even bother using two-factor authentication. There are also those few that still write their passwords on sticky notes and put it on their monitor. These behaviors make for insecure logins that are vulnerable from their creation.

The [best identity and login solutions](/docs/customize/look-and-feel/client-side-password-rule-validation) make it easy for developers to require good password behaviors. They use rules, validated by the app itself. These rules force specific combinations of uppercase, lowercase, numbers, letters, and symbols. Unfortunately, the more secure password rules are, the more likely it becomes that people will recycle them, forget them, or generally find them unappealing.

## The Rise of Passkeys

Passkeys evolved out of the ideas behind public-key cryptography. This technology, first discussed in the 1970s, uses two keys. The public key is shared out in the open. The private key remains secure and confidential. The user can only gain access when both keys are present.

Fast forward to 2022 and big names in technology (Microsoft, Google, and Apple) joined up to unveil their support for passkeys on World Password Day. Now the challenge is getting the rest of the world to follow suit.

## Passkeys in Action

If you've used Windows Hello or Apple's FaceID, you've probably used passkeys. That PIN, fingerprint, or facial scan proves your identity. Once that's done, you're then given access to the public and private key pair to unlock the app in question.

Let's get specific. Say that you are signing up for access to a website. Typically, you would input a username and password combination that you'd have to remember. With passkeys, that same website says "this person is logged in to a secure device, and we can trust that they are who they say they are." Instead of using a username and password combination, you scan your fingerprint, face, or use a PIN to gain access to the site moving forward.

## Further Reading

This blog post is only scratching the surface when it comes to passkeys. We spent some time putting together a white paper that details how passkeys can revolutionize security. We'd love to share it with you.

Download our free white paper: [Why Passkeys Improve User Security](/tech-papers/why-passkeys-improve-user-security-how-to-implement-them/?utm_medium=organic&utm_source=blog&utm_campaign=passkeys_whitepaper).

The best time to implement passkeys was yesterday. The next best time is right now. Let's work together to build a more secure, easier-to-access, and better online world.

0 comments on commit b198104

Please sign in to comment.