Passwords are dying, long live passkeys. Practically the entire tech industry seems to agree that hexadecimal passwords need to die, and that the best way to replace them is with the cryptographic keys that have come to be known as passkeys. Basically, rather than having you type a phrase to prove you’re you, websites and apps use a standard called WebAuthn to connect directly to a token you have saved — on your device, in your password manager, ultimately just about anywhere — and authenticate you automatically. It’s more secure, it’s more user-friendly, it’s just better.
The transition is going to take a while, though, and even when you can use passkeys, it’ll be a while before all your apps and websites let you do so. But Dashlane is trying to help move things along, announcing today that it’s integrating passkeys into its cross-platform password manager. “We said, you know what, our job is to make security simple for users,” says Dashlane CEO JD Sherman, “and this is a great tool to do that. So we should actually be thinking about ushering in this passwordless era.”
Going forward, Dashlane users can start to set up passkeys to log into sites and apps where they previously would have created passwords. And whereas systems like Apple’s upcoming implementation in iOS 16 will often involve taking a picture of a QR code to log in, Dashlane says it can make the process even simpler because it has apps for most platforms and an extension for most browsers.
To demonstrate, Rew Islam, Dashlane’s director of engineering, shared his screen with me over Zoom and opened up the WebAuthn website — so few apps support passkeys that the standard’s website is the best way to test them — and typed in his email address to register a new account. “At this point, you’d do your dance with the phone, you’d be scanning a QR code, but here in the corner, Dashlane is like, ‘Hey, do you want to create a new key with Dashlane?’ And you click confirm and it’s done.”
The passkey tech works, Islam says. It has for a while, and companies have been testing it and beginning to implement it for several years. The biggest challenge for the industry has been getting everyone on board with the same model for the future of authentication, which has actually happened — Google, Apple, Microsoft, and others are all betting on the same underlying passkey technology, managed through the FIDO Alliance. Apple is adding passkey support to iCloud keychain, letting users log into their devices and apps just by authenticating with Touch ID or Face ID; Google is also planning support for passkeys in Android and Chrome. Microsoft has been building passkey support for some time, using Windows Hello and other authentication tools.
Ultimately, competing with the tech giants could be a problem for Dashlane and the other password managers — it’s hard to out-convenience the built-in software that Google, Apple, and Microsoft can ship with their devices. But for now, Dashlane is happy to have the world’s biggest companies, and their commensurately big marketing budgets, telling the world about passkeys.
“FIDO and the three big platform vendors have put in a lot of marketing, a lot of messaging, to get people off this drug that is ‘okay, type in my password,’” Islam says. “That has nothing to do with technology — it’s culture and user behavior.”
And yes, competing will be hard, Sherman says, but isn’t it always? “Technology’s changing, and the big platforms have a lot of power. I have never worked in an industry where that was not the case.”
As more platforms authenticate with passkeys, Islam says, that will also help with adoption. He points out that most of those companies hate passwords just as much as users do and have plenty of incentives to make the switch. The main sticking point for now is mobile; Android and iOS are getting passkey support, but Islam says he anticipates third parties like Dashlane won’t get access to mobile passkey tech until next year at the earliest.
The next few months are almost certainly going to be a season of passkeys, as security apps of all kinds begin to support them and apps begin to let you use them. The FIDO Alliance is a who’s-who of the companies you’d want to be invested in the project, and with so much of the tech settled, it’s just a matter of implementation now. Passwords aren’t dead yet, but we know what’ll kill them. And it’s slowly coming to life.
Source: https://www.theverge.com/2022/8/31/23329373/dashlane-passkeys-password-manager