Summary

  • Passkeys remove the need for smart passwords, saving users time
  • Passkeys are resilient to leaks: hackers only get one-half of the story
  • Standardized passkey method is crucial for widespread adoption

Passwords have been a part of the internet since it first came around, to the point where it's hard to imagine services going without them. However, as time goes on, cybercriminals have gotten smarter at stealing passwords and hacking into people's accounts.

Fortunately, we're not just stuck with passwords forever. There's another secure login technology called passkeys, where your device acts as one half of a key, and then the service acts as the other. When you go to log in, your PC combines the two parts to make a whole key, which it uses to log you in.

Some big tech companies have rolled out passkey compatibility for their services, but it hasn't caught on in a big way yet. However, it seems that the Fast Identity Online (FIDO) Alliance wants to change that. As reported by Gizmodo, the alliance posted two articles close to one another: the first being a guide on passkeys and the second being a credentials exchange standard for login details like passkeys. It seems the FIDO Alliance is getting ready to push companies to swap to passkeys, and I'm all for it.

3 Passkeys remove the need for people to make smart passwords

And you don't even need to think about it


Passwords are fine when used correctly, but not everyone has good security hygiene. Given that we log into so many services daily, people often resort to weak, memorable passwords, re-using passwords, or using weak password generation methods like keyboard walking.

Passkeys remove all of these flaws by putting the onus on the computer to create the passkey. That way, the computer can generate as complex a key as it wants. After all, the user isn't the one remembering it - the device is. No more hackers getting in by re-using common passwords or taking codes from data leaks and re-using them on other websites.

2 Passkeys are more resilient to leaks

Hackers only get one-half of the story


While we're on the topic of data leaks, passkeys aren't affected by leaks in the same way that passwords are. When a data leak hits a password database, it's (hopefully) encrypted. If the hacker manages to decrypt the database (either by brute force or by taking the key), they have everything they need to log into people's accounts.

Passkeys are a little different. Because they come in two halves, a data leak will only reveal one-half of the key. Without the user's key that's stored on their physical device, the hacker can't really do anything with the leak.
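
To make the "two halves" concrete, here is an added example (not from the FIDO Alliance or any vendor's code). In the WebAuthn scheme that passkeys build on, the half the service stores is a public key and the half on the device is a private key, and logging in means the device signs a fresh random challenge. The function names, the `serviceDb` object and the user "alice" are assumptions for this illustration, which uses Node.js's built-in crypto module and models only the challenge signature, not the WebAuthn message format.

```javascript
const nodeCrypto = require('node:crypto');

// Device side: the private key is created on the device and never leaves it.
function createPasskey() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    devicePrivateKey: privateKey,
    // Only this public half is sent to the service at registration.
    registeredPublicKey: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

// Service side: issue a fresh random challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32);
}

// Device side: prove possession of the private key by signing the challenge.
function signChallenge(privateKey, challenge) {
  return nodeCrypto.sign('sha256', challenge, privateKey);
}

// Service side: check the signature against the stored public key.
function verifyLogin(registeredPublicKeyPem, challenge, signature) {
  return nodeCrypto.verify('sha256', challenge, registeredPublicKeyPem, signature);
}

// Constructed scenario: the service's credential table leaks.
function demo() {
  const alice = createPasskey();
  const serviceDb = { alice: alice.registeredPublicKey }; // all a dump contains

  const challenge = newChallenge();
  const aliceSig = signChallenge(alice.devicePrivateKey, challenge);
  const genuine = verifyLogin(serviceDb.alice, challenge, aliceSig);

  // The dump holds no private key for Alice, and a signature made with any
  // other key does not verify against her stored public key.
  const otherKey = createPasskey().devicePrivateKey;
  const fromLeakOnly =
    verifyLogin(serviceDb.alice, challenge, signChallenge(otherKey, challenge));

  // A signature from an earlier login does not match a new challenge.
  const replayed = verifyLogin(serviceDb.alice, newChallenge(), aliceSig);

  return { genuine, fromLeakOnly, replayed };
}

console.log(demo());
```

Only the login signed on Alice's own device verifies; the leaked table and an old signature are both rejected.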

1 A standardized passkey method is exactly what we need

Get everyone on the same page

Okay, let's stop focusing on why I think passkeys are a good alternative and focus instead on what the FIDO Alliance is doing. See, you can use passkeys right now, but companies can approach them in different ways. That makes it hard for apps like password managers to store your passkeys, as what works for one service may not work at all for another. It's part of the reason why passkeys haven't totally taken over from passwords just yet - there are still some teething issues on how to best use the technology.

The solution? Standardization. To achieve that, a company proposes a pre-set format for passkeys which everyone else follows in their implementations. Once a standard is set up, developers can create apps for passkey storage with the confidence that it will work with every website and service. After all, if everyone is using the tech in the same way, the developer knows what to expect and how to handle the passkeys.

That's why the FIDO Alliance's documents I linked above are so important. It appears that the alliance understands that a lack of unification is what's keeping passkeys from being the password killers that people hope they will eventually become. In this case, the FIDO Alliance is trying to make it easier for companies to move users' passkeys between different devices and operating systems without issue. That would make it a lot easier for people to use their passkeys on all of their devices, regardless of what they are or what OS they're running.

The FIDO Alliance's proposed changes get a pass from me

When done correctly, a passkey system can reduce the amount of time spent logging into a service while also enhancing the system's security. However, with companies doing their own thing without a common standard, the technology hasn't had the chance to shine and has instead become a bit of a disorganized mess. That's why I'm hoping that the FIDO Alliance's new push for companies to adopt a passkey sharing standard will take off, as it has the potential to finally make the system worth everyone's time.