Summary
Passkeys are setto replace passwordsover the next few years. But one of the hurdles during this transition will be passkey sharing—you aren’t supposed to know your passkeys, you’re able to’t type them out manually, so how do you share passkey-protected accounts with friends and family?
ThisCybersecurity Awareness Weekarticle is brought to you in association withIncogni.
What Are Passkeys?
Old-fashioned passwords are inconvenient and often pose a risk to user security. Your password may be included in a data leak, for example, and a sophisticated phishing scheme might trick you into writing out your password for a hacker. There are several ways to improve the convenience and security of passwords—a premiumpassword manageris the best option—but very few people will ever take the steps to secure their digital life.
Nobody knows your secret keys, not even you. If a website is hit by a data breach, only its public keys will be leaked. And unless a hacker sits down at your phone or computer (and manages to fool your fingerprint reader or guess your PIN), stealing your private keys is an extremely difficult task.
All major operating systems now offer a built-in passkey manager. Some password management tools, such as 1Password, also offer passkey support. But as passkeys become common practice across the web, people will start wondering how they’re supposed to share these keys with friends or family. After all, if you don’t know your private keys, how are you supposed to share them?
Which Passkey Managers Allow You to Share Passkeys?
Only a handful of passkey management services allow you to share your passkeys. If sharing is important to you, a premium password manager is usually your best option—your friends and family may need to use the same password manager, though.
Here are the popular passkey management services that currently offer (or plan to offer) a sharing feature:
Google is supposedly working onpassword sharing in Chrome, so passkey sharing may be possible in the future. There are no such rumors forWindows 11’spasskey implementation.
Note that passwords and passkeys will coexist for some time. If youneedto share login credentials with someone, you can simply send them your password. Creating a passkey for a website won’t make your password unusable, at least for now. And passkey sharing may be unnecessary (or discouraged) even as passwords are phased out.
Passkey Sharing May Never Become Common Practice
As of October 2023, only75 apps and websitesactually support the passkey standard. Very few of these apps and websites use passkeys as the default sign-in option, and none of them have forced users to enable passkeys. As passkeys become common and enforced, the problem of account sharing will need to be addressed. But, for better or worse, passkey sharing may not be the chosen solution.
Most web-based services are trying to crack down on account sharing, and many websites already require two-factor authentication through a text message or email. The idea that these business will encourage passkey sharing is somewhat unbelievable. Yes, some accounts or services must be shared with family, caretakers, or other people in your home. But even in these situations, passkey sharing isn’t completely necessary. Businesses may simply ask you to generate a unique passkey for each person. Or, they may ask everyone to create a unique account that can be linked to yours. (The latter option is already preferred by some subscription services, as it gives users a sense of privacy and makes data collection easier.)
Not to mention, passkeys are supposed toincreaseuser security. If passkeys are too easy to share, we may not see a substantial boost in user security, as phishing schemes and other attacks will continue to be effective. So, passkey sharing may be uncommon, it may be discouraged, or it may be restricted to a family group that you’ve made within your passkey manager. It will take a few years for everything to shake out.
