AARP Hearing Center
A whopping 16 billion login credentials have been exposed across Apple, Facebook, Google and and other sites and services, according a Thursday report from researchers at the Cybernews tech security outlet.
Such reports of massive data breaches are sobering, but most of us agree passwords are a drag. At best, we’re indifferent to them even as we begrudgingly recognize their purpose.
The biggest tech companies share your frustration. Apple, Google and Microsoft, along with giant companies in other fields, are throwing their collective weight behind a password alternative called passkeys, which promise to be more secure than regular passwords and eliminate the associated hassles.
The concept is hard to grasp initially, but a huge benefit to users is you will no longer need to remember passwords. Instead you can log iinto sites via your face, fingerprint or other biometrics tied to the device you're using.
Password security
• How to build a better password
• Members Only: Frustrations
• Using a password manager
• The future of logging in
• Data safety habits to cultivate
Passkeys are based on a cryptographic standard developed by the Fast IDentity Online (FIDO) Alliance, an industry group, and the World Wide Web Consortium. FIDO Alliance members include Amazon, American Express, Bank of America, Chase, CVS Health, eBay, Lenovo, Mastercard, Meta, Netflix, PayPal, Samsung, Sony, Qualcomm, Target, TikTok, Visa and Wells Fargo.While passwords as we know them aren’t going to disappear anytime soon, the new passkey solution is beginning to gain traction.
More than 13 billion accounts were able to leverage passkeys for signing in as of last year, according to FIDO.
In 2023, Google began rolling out passkeys across all Google Accounts on all major platforms, meaning you now had the option to ditch passwords. Google even offered passkeys as the default option for signing into those accounts.
Passkeys leverage biometric login methods you may already be taking advantage of, such as facial recognition, fingerprint scanning or even a personal identification number that you probably know better as a PIN code.
Apple has also publicly embraced passkeys. At its latest Worldwide Developers Conference earlier this month, Apple demonstrated how upcoming major releases of software for iPhone, iPad, Mac, and Vision Pro can make it easier to securely import and export passkeys across competitive platforms, perhaps a Windows PC.. Apple has suggested that its future operating systems promise to replace passwords for good in the long term.
What’s the difference?
Passcode, a.k.a. personal identification number (PIN). A secret numeric code of at least four digits that a person uses to verify his or her identity
Password. A word or string of characters that an authorized user creates to log in to a computer system or service
Passphrase. A sentence-like set of words or characters, longer than a password but often easier to remember, that serves as a login to apps and websites
Passkey. A method of verifying an app or website user who is tied to both the app or site and the device trying to gain access. Both “keys” need to fit before a user is allowed in, but the process is done without entering a username or other proof of identification.
The problems with existing passwords
We’re all too familiar with the problems passkeys aim to solve. Most people ignore the advice of security experts and use the same or similar passwords across the board when signing in to apps and websites. Indeed, 2 in 3 Americans report reusing passwords for different online accounts, according to an Ipsos poll of 4,000 U.S. adults.
Making matters worse: We often choose passwords that are no more complex than the name of our pet or kindergarten teacher, not to mention “password” as a password or “12345.” In other words, soft credentials the bad guys can easily guess.
A recent CNET survey found about half of U.S. adults have "risky password habits."
And when we do choose strong passwords that are way harder to crack — a long seemingly random string of upper- and lower-case letters, numbers and symbols — we often have a hard time remembering them.
Password managers that let you store and auto-generate complex passwords can ease some of the irritation folks feel, sometimes for a subscription price. But relatively few people take advantage of them.
More From AARP
How to Change Your Router Password
Keep your network secure. Ditch what came with the device
Why Your Phone Might Have an eSIM
You won’t have to transfer a tiny SIM card between phones when you switch
Securely Erase Data Before Recycling
Wipe data clean before recycling PCs, phones, tablets