
Is there a better password protection than Passkey?

iSecurityGuru, December 11, 2022

Fifty years ago, at the dawn of the Internet, people logged on to systems using passwords. Today, we are still doing the same. Despite the astonishing growth and development of technology over the past five decades, user authentication is still stuck in the technological stone age. The problem is, as I explained here “If you don’t use a password manager, you will EVENTUALLY be hacked”, hackers are using machines to crack passwords, which the human brain simply cannot overcome.

According to Kaspersky,

The vast majority of data breaches are caused by stolen or weak credentials.

How Data Breaches Happen

According to CloudNine,

81% of hacking-related breaches used stolen passwords and/or weak passwords.

Cybersecurity Trends

Troy Hunt’s Have I Been Pwned website shows that password-related data breaches are happening at such alarming frequency and magnitude that it should be clear that password authentication should not be trusted anymore.

Fortunately, there is good news.

Yesterday marked a turning point in the history of passwords. Apple released iOS 16 and introduced a new password-killer technology called Passkey. The premise of Passkey is simple. Instead of relying on the human brain to remember secrets to authenticate, it relies on using powerful machines to do the authentication instead.

The advantages of passkeys over passwords?

No shared secrets

First, unlike passwords, there is no shared secret between the user and the system in passkeys.

A passkey is a pair of public and private cryptographic keys. These two keys are mathematically related to one another, but you cannot derive one from the other. The system will keep the public key while the user’s device will keep the private key. To authenticate, the system will initiate a challenge-response protocol using the public key. The user can only answer
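
A minimal sketch of the challenge-response login described above, added here as an illustration; it is not code from this article or from Apple. It assumes Ed25519 signatures and hypothetical names (Device, Server, Register, NewChallenge, Answer, Verify), and it leaves out the WebAuthn message format that real passkeys use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device holds the private key, which never leaves the user's device.
type Device struct{ priv ed25519.PrivateKey }

// Server stores only the public key plus the challenge it is waiting on.
type Server struct{ pub ed25519.PublicKey; pending []byte }

// Register generates the key pair on the device and gives the server the public half.
func Register() (*Device, *Server) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // an RNG failure is unrecoverable in this sketch
	}
	return &Device{priv}, &Server{pub: pub}
}

// NewChallenge issues a fresh random challenge for one login attempt.
func (s *Server) NewChallenge() []byte {
	s.pending = make([]byte, 32)
	if _, err := rand.Read(s.pending); err != nil {
		panic(err)
	}
	return s.pending
}

// Answer signs the challenge; only the private-key holder can produce this.
func (d *Device) Answer(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Verify checks the answer against the pending challenge, which is single-use.
func (s *Server) Verify(sig []byte) bool {
	challenge := s.pending
	s.pending = nil
	return challenge != nil && ed25519.Verify(s.pub, challenge, sig)
}

func main() {
	dev, srv := Register()
	sig := dev.Answer(srv.NewChallenge())
	fmt.Println("login accepted:", srv.Verify(sig))
	srv.NewChallenge() // a later login attempt gets a new challenge
	fmt.Println("replayed answer accepted:", srv.Verify(sig))
}
```

Nothing the server stores can be used to log in: a leaked copy of `pub` verifies signatures but cannot create them, and a captured answer fails against the next challenge.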


Community

Top Comment

SQRL is available in the sense that it is an open standard that Steve Gibson has generously donated.
It is not available in the sense that...
Anonymous Author by isecurityguru