Passwords, Passkeys… and the Ongoing Question: How Safe Am I?
One question I hear time and time again from clients is a simple one: “How safe am I?”
More often than not, that conversation starts with passwords.
Think back over the years – we started with “memorable words”, moved to more complex passwords, then onto completely unmemorable strings of characters generated by our computers. Now, we’re being introduced to something new again: passkeys.
So naturally, the next question is: is this just another name for what we already have?
In short – no. It’s a fundamentally different (and more secure) way of logging in.
Let me explain 🙂
The National Cyber Security Centre has recently made its position very clear: “passwords are no longer resilient for the contemporary world.” That’s quite a statement, but it reflects what many of us in IT have been seeing for some time.
So, what exactly is a passkey?
A passkey replaces your password with a unique digital key that’s linked to your device – usually your phone or laptop. Instead of typing in a password, you simply confirm it’s you using something like your fingerprint or facial recognition.
Behind the scenes, it’s a bit like a lock and key system. One part of the key is stored securely on your device, and the other part sits with the service you’re logging into. When you sign in, your device proves it has the correct key – without ever sharing it.
The important point is this: the “private” part of the key never leaves your device.
Why is that more secure?
Passwords have always had a few weaknesses.
- People reuse them.
- They can be guessed.
- They can be stolen in data breaches.
- And they can be phished – where you’re tricked into entering your details into a fake website.
Passkeys remove those risks.
They only work with legitimate websites, so phishing attacks simply don’t work in the same way. There’s no password to steal, and even if a company’s systems were breached, the passkey data held there is useless to attackers.
In fact, recent guidance suggests passkeys can be more secure than even a combination of password and two-factor authentication.
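The lock-and-key exchange and the “only work with legitimate websites” point described above, as a simplified Go model added here for illustration (not the author's code, and not the real passkey message format). The names `Device`, `Service`, `Register`, `Sign` and `Verify`, the choice of Ed25519 and the `shop.example` addresses are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device is the phone or laptop; the private key stays inside it.
type Device struct{ priv ed25519.PrivateKey }

// Service is the website; it stores only the public key, which cannot sign.
type Service struct{ Origin string; Pub ed25519.PublicKey }

// Register makes a key pair and hands only the public half to the service.
func Register(origin string) (*Device, *Service) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv}, &Service{origin, pub}
}

// payload is what gets signed: the site address, a separator, the challenge.
func payload(origin string, challenge []byte) []byte {
	return append([]byte(origin+"\x00"), challenge...)
}

// Sign covers the address the browser actually visited plus the challenge.
func (d *Device) Sign(visited string, challenge []byte) []byte {
	return ed25519.Sign(d.priv, payload(visited, challenge))
}

// Verify accepts only a signature over this service's own address and challenge.
func (s *Service) Verify(challenge, sig []byte) bool {
	return ed25519.Verify(s.Pub, payload(s.Origin, challenge), sig)
}

func main() {
	dev, site := Register("https://shop.example") // constructed example address
	c := make([]byte, 32)                         // fresh random challenge for this login
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	fmt.Println("genuine site:   ", site.Verify(c, dev.Sign("https://shop.example", c)))
	fmt.Println("look-alike site:", site.Verify(c, dev.Sign("https://shop-example.test", c)))
	fmt.Println("replayed answer:", site.Verify([]byte("next challenge"), dev.Sign(site.Origin, c)))
}
```

Only the first check succeeds: an answer produced on a look-alike address, or one reused against a later challenge, does not verify on the genuine site.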
What about convenience?
This is where it gets interesting.
As well as being more secure, passkeys are also easier to use, which is something I really like.
There’s nothing to remember, and logging in is significantly quicker – often just a few seconds compared to over a minute when using passwords and verification codes.
So I’m pleased to say it’s one of those rare situations where security and simplicity actually improve at the same time.
What happens if I lose my device?
This is usually the next concern.
Passkeys can be backed up securely in the cloud through providers like Apple or Google, or stored within a password manager. If you lose a device, you can still recover access – although it’s fair to say the process can take a bit of effort if you don’t have a backup device available. But I can help you.
It’s another reminder that having a sensible setup – including backups and recovery options – is just as important as the technology itself.
So, where does this leave you?
Like many things in IT, this isn’t just about the technology – it’s about how you use it.
I believe passkeys are a positive step forward, but they form part of a wider picture. You still need to think about how you manage access, train your teams, and protect your systems overall.
The shift away from passwords is happening, and it’s happening quickly. The question for most businesses is no longer if they’ll adopt passkeys, but when and how.
I’m already helping clients navigate that transition – making sure it’s done securely, practically, and in a way that works for their day-to-day operations.
Because ultimately, when my clients ask “how safe am I?”, the answer I recommend is one built on confidence – not uncertainty.
If you’d like to review how your business manages access and security, or explore whether passkeys are right for you, simply give me a call on 01473 350444 or email enquiries@heronit.co.uk