So long, passwords: 5 easy ways to use passkeys

By this point, you’ve probably heard of passkeys, a much simpler (and more secure) alternative to passwords. You don’t have to memorize anything or mess with complicated mixes of numbers, letters, and symbols. Plus, they’re phishing resistant—an advantage given the increase of scams on the web.

People I speak with are usually sold on this idea but often don’t know how to get started. But it’s dead easy. You just have to pick a way to store your passkeys. Here’s a brief overview of the different options:

1. Your smartphone. This one’s seamless, especially if you’re most often on your phone instead of a laptop or PC. Creating passkeys is generally automated when initiating the process from a mobile app or browser. Works for both iOS and Android.
2. Your tablet. Identical experience as on a phone. A possibly ideal alternative for those who leave their tablet at home and also worry about losing their phone and thus all their passkeys.
3. Your PC. Windows will save passkeys for you if you initiate the process of creating one on your laptop or desktop PC.
4. A hardware key. YubiKey and the Google Titan Security Key are examples of dongles that can not only serve as a strong two-factor authentication method but also store passkeys. (If you have an older version, it will need to support the FIDO2 protocol to be compatible with passkeys).
5. Your password manager. Passwords won’t die out just yet, but even when they do, password managers will still have value by being a place you can store your passkeys. You will trade some potential security if the manager is cloud-based—don’t use a weak password to protect the account!—but generally, this method is reliable.

Microsoft

You can read more about how passkeys work in our full rundown, but basically, all you need to know is that you only need to create them and then authorize their use with either biometrics (e.g., fingerprint) or a PIN. They can’t be spoofed or compromised if a website is hacked.

Their only weakness: If you lose the device you’ve stored them on, you can’t use them. However, this problem is quickly solvable. While you can’t back them up (each passkey is unique), you can create additional passkeys on other devices as your alternate method(s) for logging in. Keeping an existing password is also a viable backup sign-in method, provided you combine it with two-factor authentication to block hackers from access.

Currently, support for passkeys continues to grow. Major services like Google, Apple, and Microsoft have already implemented them, as have major retailers (think Target, Best Buy, etc.). But even if passkeys haven’t taken over the web yet, most people who try them find that switching over some accounts to passkeys saves a lot of headache.