Please don't do this. (credit: Getty Images)
Big Tech wants to kill the password, with "Passkeys" being the hot, new password replacement standard on the block. Passkeys are
Google, Apple, Microsoft, and the FIDO Alliance, so expect to see them everywhere soon. iOS
the standard in version 16, and now Google is
launching passkey betas
on Chrome and Android.
The passkey argument is that passwords are old and insecure. Computer passwords were originally conceived as an easy-to-remember secret for humans to type into a text box. As the need for greater security arose, password managers arrived, making it easy to save and recall your passwords. Now, instead of some human-memorable phrase, the ideal way to use a password is to have a computer generate some wild string of characters and never reuse that password anywhere else. The password manager revolution is all a hack, though, built on top of that original text box. We don't really need the text box anymore, and that's where the Passkey standard comes in.
The Passkey standard just trades cryptographic keys with the website directly. There's no need for a human to tell a password manager to generate, store, and recall a secret—that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced. The downside is that, while every browser in the world supports showing that old text box, passkey support will need to be added to every web browser, every password manager, and every website. It's going to be a long journey.