In the spring of 2022, technology giants like Apple and Google announced the introduction of passkeys on their platforms. This technology, which was to be implemented on iPhones, Macs, and Android devices, was hailed as a revolutionary step toward a passwordless future. Two years after this announcement, however, a complex picture is emerging: passkeys are a source of both frustration and confusion, especially for those not deeply rooted in the IT world.
What are Passkeys?
Passkeys are a form of digital authentication that aims to replace traditional passwords with a more secure and user-friendly method. They are based on the principle of asymmetric cryptography, which was first introduced in 1976 by cryptographers Whitfield Diffie and Martin Hellman. This technology uses cryptographic key pairs – a public and a private key – to securely confirm a user's identity.
Illustrating the Technology
The functionality of passkeys can best be compared to a mailbox: the public key functions like a mail slot through which anyone can send data. However, this data is securely stored and can only be accessed by the person with the private key – the mailbox key. The private key always remains in the user's possession and is never shared.
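The key-pair login described above, as an added example that is not part of the original article: a simplified challenge-response in Node.js in which the website stores only the public key and the device signs a fresh challenge. The function names, the JSON payload and the `shop.example` origins are assumptions for illustration; real passkeys use the WebAuthn message format.

```javascript
// Simplified passkey-style login (not the real WebAuthn message format).
const crypto = require('node:crypto');

// Registration: the device creates a key pair for one site. The private key
// stays on the device; the website stores the public key only.
function register(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { authenticator: { privateKey }, serverRecord: { origin, publicKey } };
}

// Website: a random, single-use challenge for each login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('base64url');
}

// Device: sign the challenge together with the origin the browser reports.
function signLogin(authenticator, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature };
}

// Website: verify the signature first, then the challenge and the origin.
function verifyLogin(serverRecord, expectedChallenge, response) {
  const data = Buffer.from(response.clientData);
  if (!crypto.verify('sha256', data, serverRecord.publicKey, response.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== serverRecord.origin) return 'wrong-origin';
  return 'ok';
}

// Constructed sample run: all origins below are made-up example values.
function demo() {
  const site = 'https://shop.example';
  const { authenticator, serverRecord } = register(site);
  const first = newChallenge();
  const second = newChallenge();
  const good = signLogin(authenticator, first, site);
  const lookalike = signLogin(authenticator, second, 'https://shop.example.test');
  const tampered = { ...good, clientData: good.clientData.replace(site, 'https://other.example') };
  return {
    fresh: verifyLogin(serverRecord, first, good),           // 'ok'
    replayed: verifyLogin(serverRecord, second, good),       // 'stale-challenge'
    lookalike: verifyLogin(serverRecord, second, lookalike), // 'wrong-origin'
    tampered: verifyLogin(serverRecord, first, tampered),    // 'bad-signature'
  };
}

console.log(demo());
```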
The Practical Implementation of Passkeys
The introduction of passkeys was intended to simplify logging into websites and apps by making usernames, email addresses, passwords, and two-factor authentication obsolete. But the reality is different. The use of passkeys is plagued by various problems that hinder their acceptance.
1. Inconsistent Implementations
The way providers implement passkeys varies widely. Some services, like Google, still require the entry of an email address before the passkey can be used, while other platforms, like GitHub or Nintendo, allow direct authentication without prior identification.
2. Storage and Platform Dependency
Passkeys are stored on users' devices, supported by the respective operating systems such as Windows, macOS, and Android. While these platforms allow for easy synchronization of passkeys across user accounts, they also use the technology to tie users to their ecosystems. Switching to a different operating system can be significantly more difficult as a result, as the passkeys are not transferable.
3. Lack of User-Friendliness and Support
Despite the initial enthusiasm for the technology, many users complain about a lack of user-friendliness and insufficient support from websites and services. The new type of authentication often leads to confusion, as the familiar combination of username and password is replaced by an almost invisible system.
Personal Opinion and Outlook
Initially, I was enthusiastic about the idea of passkeys. They promised to simplify registration and login processes and make them more secure. Two years later, however, I see a clear discrepancy between the vision and the reality. The lack of standardization, lack of interoperability between different platforms, and insufficient user guidance make broad acceptance of this technology difficult.
Although passkeys have the potential to revolutionize digital authentication, the current difficulties show that significant challenges still need to be overcome. Without comprehensive support, clear guidelines, and improved user guidance, it will be difficult to achieve the broad acceptance necessary for real change.
It remains to be seen whether passkeys will ultimately deliver on the promise of a passwordless future, or whether we will have to keep dealing with the traditional methods of user authentication.