Updated
Updated · bankenverband.de · Jun 5Online Services Expand Passkey Logins, Cutting Phishing Risk With 2-Key Passwordless Access
3 articles · Updated · bankenverband.de · Jun 5Summary
- More online services are rolling out passkeys, letting users sign in without passwords through device biometrics, PINs or face scans.
- Passkeys work through a two-key cryptographic system: one key stays on the user’s device and the matching key is held by the online service.
- That setup reduces phishing risk because users do not create, remember or type credentials that can be stolen on fake websites.
- Secure use still depends on strong device locks, recovery options such as backups or a second device, and avoiding public or shared devices.
- The technology was developed by the FIDO Alliance, which is pushing passwordless login standards across devices and services.
Insights
Are passkeys creating a more dangerous single point of failure by making our phones the master key to our entire digital lives? As AI agents begin acting on our behalf, how will we authenticate them securely without opening new doors for sophisticated digital fraud?