For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online accounts. But adoption has been slow, with many companies and websites still relying on passwords. Now the world's biggest social media platform is jumping on the bandwagon.
On Wednesday, Facebook announced that it will soon support passkeys on mobile devices. This means you'll be able to use one to sign in to Facebook on an iPhone or Android device. But the passkey won't be limited to your actual Facebook account.
In the coming months, support will expand to Messenger, helping you better safeguard your encrypted messages and message backups. You'll also be able to use the passkey to autofill and authenticate payment information if you purchase something through Meta Pay.
Also: Why the road from passwords to passkeys is long, bumpy, and worth it - probably
On the upside side, passkeys are a decided improvement over passwords for authenticating your account logins. Whereas passwords are difficult to manage and vulnerable to compromise, passkeys are much easier and safer.
Developed by the FIDO Alliance, a passkey lets you sign in to an account using a PIN, a biometric method such as facial or fingerprint recognition, or a physical security key. Because that passcode is tied to you, you're able to use it to sign into the same account everywhere. Passkeys are automatically generated when you choose that option at a supported website. They can also eliminate or reduce the need for two-factor authentication codes.
A passkey consists of two separate cryptographic keys, known as a key pair. One key is public and registered with the app or website. The other key is private and stored only on your device. The key pair handles the authentication process between your device and the app or website. For that reason, the passkey is much more resistant to any type of hacking or other security threat.
"Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes because they are resistant to guessing or theft by malicious websites or scam links, making them effective against phishing and password spraying attacks," Facebook said in its announcement. "By using passkeys, you'll have increased protection against online threats while also simplifying your login experience."
On the downside, passkeys are still in the nascent stage.
Beyond their limited support, no universal or consistent way yet exists to set them up or sync them across different devices. As such, the initial setup process can be difficult and frustrating, depending on the website or app. A passkey generated on a mobile device may not easily sync to your PC, or vice versa. These are challenges that the FIDO Alliance and its members still need to tackle.
Also: If we want a passwordless future, let's get our passkey story straight
Facebook's rollout of passkeys points to one hiccup. The company said it would soon allow passkeys on mobile devices. Fine, but what about PCs? Facebook failed to mention any passkey support for its desktop website. If that's the case, it means you'll still have to rely on your current Facebook password when you visit the site. That defeats part of the purpose of using passkeys, which should be a replacement for passwords, not an additional login method.
How to create a Facebook passkey
Facebook promises that creating your passkey will be easy. To do this, you'll go to Settings in the Facebook app and head to Accounts Center. From there, choose the option to create a passkey and then follow the steps. Once the feature is available, you may also be prompted to set up a passkey when you sign in to Facebook.
With support coming to mobile devices, hopefully the option will extend to Facebook's website sometime in the near future. For now, at least this is one small step for Facebook users eager to escape the burdens of the much-hated password.
Get the morning's top stories in your inbox each day with our Tech Today newsletter.
English (US) ·