What Are Passkeys and How to Use Them With Your Crypto.com Account
Passkeys are a safer alternative to passwords that can be used alone or with your hardware token. Here’s how to set one up for your Crypto.com account.
Key Takeaways:
- Passkeys provide a safer alternative to traditional passwords by eliminating the need to memorise complex passwords, adding phishing resistance to your accounts, and reducing the risk of password theft.
- They leverage cryptographic keys for authentication that only operate on the legitimate website or app where the passkey was created, offering a higher level of security.
- Passkeys streamline the login process by allowing users to log in without entering passwords or undergoing additional two-factor authentication steps.
- The implementation of Passkeys is supported by major tech companies like Google, Apple, and Microsoft, as well as many financial banking apps, through the FIDO Alliance.
- Passkeys can be used with hardware tokens.
- Creating and using Passkeys for your Crypto.com account is a straightforward process. It involves just a few taps and verifying your identity.
- Passkeys represent the future of digital authentication, addressing the growing security concerns associated with traditional passwords.
What Are Passkeys?
Internet users have spent three decades memorising passwords for email, social media, and e-commerce sites, often evoking memories of childhood pets and maiden names for the accompanying safety questions should you, inevitably, forget one of your dozens of passwords.
Unfortunately, over the last couple of years, these passwords that were once a safeguard have increasingly become a security risk.
That’s why Crypto.com, alongside Google, Apple, Microsoft, and many other companies, announced the introduction of Passkeys.
You can now set up your Passkey by going to Settings > Security > Passkeys, and then following the instructions in the Crypto.com App.
Or if you’d like to learn more about the technical details of Passkeys first, read on, as this article dives into how Passkeys are created, why they are safe, and how you can create your own for Crypto.com.
What Is WebAuthn, the Technology Behind Passkeys?
Before delving into the topic of Passkeys, we first must go into WebAuthn, the system behind Passkeys. WebAuthn operates on the foundation of digital signatures, an approach that already offers superior security compared to stand-alone passwords.
WebAuthn was originally designed to store the private key in hardware tokens or USB dongles. However, as technology has progressed, leading tech firms like Apple, Google, and Microsoft have been instrumental in advancing a software and TEE hybrid version of WebAuthn, eventually termed Passkey.
Most importantly, WebAuthn is resilient to phishing scams.
Why Passkeys Are Phish-Proof
The flaw with conventional digital signatures is that one might unknowingly sign an authentication request challenge set by a counterfeit domain disguised as the genuine one.
However, WebAuthn effectively prevents phishing. It does this by generating a distinctive public/private key pair, by taking the domain to which one attempts to log in into the equation. As such, with WebAuthn, a phishing attempt that leads you to a false domain will fail because it is impossible to sign in using the key of the legitimate domain.
Even one tiny character change in the domain name will render a different key. As a result, there is no old-school password to phish, nor will there be a valid signature if the domain you are trying to log in to does not match.
Passkey offers the security provided by WebAuthn, paving the way for widespread adoption, making this technology accessible to virtually every internet user today. Additionally, users can choose the option to conveniently save their Passkeys to an external hardware token, like a security key, for even greater security.
Who Is Behind Passkeys?
Passkeys were created by the FIDO Alliance — a joint initiative founded in 2011 by Apple, Google, and Microsoft — to make authentication better. Companies that use Passkeys include Amazon, WhatsApp, LinkedIn, PayPal, and many more.
How Do Passkeys Work?
According to Passkeys.io, a Passkey is a ‘discoverable WebAuthn credential’. But what does that mean?
We can break this down into its three parts:
Discoverable means the credential contains information about the user (e.g., a user ID) and, therefore, enables a log-in flow that does not require a username or password. Instead, users can just click on the “Sign in with a passkey” button and present a passkey to sign in.
WebAuthn is the system described above that Passkeys are built on.
Credentials is the final part of the Passkeys definition. In the WebAuthn context, credentials are cryptographic private keys — in other words, the actual secrets that make Passkeys secure. Just like with cryptocurrency wallets, each private key has a matching public key that resides on the server and will be used to check signatures created with the private key.
Each passkey is unique and bound to a username and a website or app, meaning a user will have at least as many Passkeys as they have accounts; and, in most cases, even more, as most users will want to set up multiple Passkeys per account: one Passkey on an iPhone and one on a PC, both for the same account, for example.
Advantages of Passkeys
Passkeys offer several advantages over traditional password-based authentication systems.
Here are some key benefits:
Enhanced Security
Resistance to Phishing and Credential Theft: Passkeys use cryptographic key pairs, which are far more difficult for hackers to steal or duplicate. Unlike passwords, Passkeys are not susceptible to phishing attacks or brute-force attempts.
Elimination of Password Reuse: Since Passkeys are unique to each account, the common security risk of password reuse across multiple sites is eliminated.
Reduced Dependency on Passwords
No Need to Memorise Passwords: Users no longer have to remember complex passwords or manage password lists. Passkeys simplify the login process to just a few clicks or a biometric verification.
No More Password Resets: The hassle of password recovery and reset processes is eliminated, saving users time and reducing the risk of lockouts due to forgotten passwords.
User Convenience
Single Sign-On Capability: Passkeys can be used across different devices and platforms, providing a seamless single sign-on experience. Users can easily authenticate without repeated login prompts.
Unified Authentication Flow: Passkeys integrate smoothly with existing biometric systems like Apple’s Face ID, Google’s Android biometrics, or Windows Hello, providing a consistent user experience.
Enhanced Privacy
Local Storage of Private Keys: The private keys used in Passkeys are stored securely on the user’s device, often in a secure enclave or Trusted Platform Module (TPM), reducing the risk of centralised data breaches.
Minimised Data Exposure: By eliminating the need to transmit passwords over the Internet, Passkeys reduce the exposure of sensitive information to potential interception or leaks.
How to Set Up Passkeys With Your Crypto.com Account
To set it up on the App, it takes just four steps:
1. Go to Settings > Security > Passkeys
2. Tap ‘Add Passkey’ at the bottom of the page
3. Complete the required verification
4. Choose where to save your Passkey and complete the authentication process
We have also added hardware token support into our Passkey implementation, providing customers who want an even more secure option the flexibility to use their hardware FIDO2 tokens.
Conclusion
In conclusion, Passkeys represent a significant advancement in digital security, offering a streamlined and safer alternative to traditional passwords. By leveraging built-in capabilities of modern operating systems and browsers, Passkeys eliminate the need for users to remember complex passwords and allow users to bypass time-consuming authentication steps.
The implementation of Passkeys is backed by major tech companies like Google, Apple, and Microsoft through the FIDO Alliance. This collaboration ensures widespread adoption and compatibility across various platforms, enhancing the overall security landscape.
Setting up Passkeys with your Crypto.com account is a straightforward process that enhances your account security by utilising cryptographic keys stored on your device. As the digital world continues to evolve and cyberattacks continue to exponentially increase with geopolitical tensions and the advancements in artificial intelligence, adopting Passkeys can significantly reduce the risk of unauthorised access and protect your personal information more effectively.
Due Diligence and Do Your Own Research
All examples listed in this article are for informational purposes only. You should not construe any such information or other material as legal, tax, investment, financial, cybersecurity, or other advice. Nothing contained herein shall constitute a solicitation, recommendation, endorsement, or offer by Crypto.com to invest, buy, or sell any coins, tokens, or other crypto assets. Returns on the buying and selling of crypto assets may be subject to tax, including capital gains tax, in your jurisdiction. Any descriptions of Crypto.com products or features are merely for illustrative purposes and do not constitute an endorsement, invitation, or solicitation.
Past performance is not a guarantee or predictor of future performance. The value of crypto assets can increase or decrease, and you could lose all or a substantial amount of your purchase price. When assessing a crypto asset, it’s essential for you to do your research and due diligence to make the best possible judgement, as any purchases shall be your sole responsibility.
Bagikan ke Teman
Siap memulai perjalanan kripto Anda?
Dapatkan panduan langkah demi langkah untuk mengatur
sebuah akun dengan Crypto.com
Dengan mengeklik tombol Kirim, saya menyatakan telah membaca Pemberitahuan Privasi Crypto.com tempat kami menjelaskan cara kami menggunakan dan melindungi data pribadi Anda.