A survey conducted by the FIDO Alliance reached 10,000 consumers across various countries including the U.S., UK, France, Germany, Australia, Singapore, Japan, South Korea, India, and China, and revealed that 57 percent of people are now aware of passkeys, a significant increase from 39 percent two years ago.
The survey also found that only 16 percent of respondents were unaware of passkeys, down from 28 percent two years ago. Among those who are aware of passkeys, 62 percent reported using them to secure their website and app accounts.
The use of passwords has been declining, with the average percentage of respondents who manually entered a password over the last two months falling to 28 percent this year from 38 percent in 2022.
This decline in password use is observed across various sites and apps, including financial services, work accounts, social media accounts, media and streaming services, and smart home assistants.
Darren Guccione, CEO and co-founder of Keeper Security, explains that individuals are becoming more aware of passkeys and are prioritizing their personal cybersecurity by increasingly implementing passkeys into their digital routines.
Commentary
Passkeys work by using public key cryptography, where each passkey consists of a private key stored locally on the device used to create the passkey, and a public key stored with the company where the account was created. This means that even if the company is breached, cybercriminals can only obtain the public key, which cannot be used to sign in without the private key.
Security is one of the main reasons people are gravitating toward passkeys and away from passwords.
Passkeys typically rely on some form of biometric authentication, which is considered safer and less vulnerable than passwords. When asked which methods of authentication they consider the most secure, 29 percent of those polled named biometrics, while only 15 percent cited a complex password that only they will remember, and 14 percent pointed to a one-time passcode sent to their mobile device.
So, how do passkeys work?
Imagine someone steals your mobile device. If you use passkeys for account security, the thief will still face significant challenges in accessing your accounts.
Here is why:
When you set up a passkey for an account, it involves creating a pair of cryptographic keys: a private key and a public key. The private key is stored securely on your device, while the public key is stored with the service provider (e.g., your bank or email service).
To access your account, the service provider sends a challenge to your device, which must be signed with the private key. This process typically requires biometric authentication, such as a fingerprint or facial recognition, to unlock the private key.
In the case of a stolen device, the thief would need to bypass the biometric authentication to access the private key. Without your fingerprint or facial recognition, the private key remains locked and inaccessible. Even if the thief manages to access the device, they will still need to pass the biometric check to use the private key for account access.
The final takeaway is that the combination of cryptographic keys and biometric authentication ensures that only you can use the passkey to access your accounts, making it extremely difficult for anyone else, including a thief, to gain unauthorized access.
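The challenge-and-signature exchange described above, as an added example in Node.js that is not from the original article or from any passkey vendor. It is a simplified sketch, not the WebAuthn wire format: the names createAuthenticator, createServer and demo are hypothetical, and the userVerified flag stands in for the device's biometric check.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Device side: the private key stays inside this closure and is never exported.
function createAuthenticator() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    // userVerified stands in for the local biometric check (assumption of this sketch).
    signChallenge(challenge, userVerified) {
      if (!userVerified) return null; // key stays locked, nothing is signed
      return sign('sha256', challenge, privateKey);
    },
  };
}

// Service side: holds the public key only, plus one outstanding challenge.
function createServer(publicKeyPem) {
  let pending = null;
  return {
    storedRecord: publicKeyPem, // all that a breach of the service would expose
    newChallenge() {
      pending = randomBytes(32);
      return pending;
    },
    verifyLogin(signature) {
      if (!pending || !signature) return false;
      const challenge = pending;
      pending = null; // single use, so an old signature cannot be replayed
      return verify('sha256', challenge, publicKeyPem, signature);
    },
  };
}

function demo() {
  const device = createAuthenticator();
  const server = createServer(device.publicKey);
  const signature = device.signChallenge(server.newChallenge(), true);
  const ownerLogin = server.verifyLogin(signature);
  const replay = server.verifyLogin(signature); // challenge already consumed
  server.newChallenge();
  const staleSignature = server.verifyLogin(signature); // signed a different challenge
  const lockedDevice = server.verifyLogin(device.signChallenge(server.newChallenge(), false));
  // A key pair that does not match storedRecord cannot produce an accepted signature.
  const otherKey = server.verifyLogin(createAuthenticator().signChallenge(server.newChallenge(), true));
  return { ownerLogin, replay, staleSignature, lockedDevice, otherKey };
}

console.log(demo());
```

Only the first login is accepted; the replayed signature, the locked device and the non-matching key pair are all rejected by the service.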
Source: https://www.zdnet.com/article/passkeys-are-more-popular-than-ever-this-research-explains-why/