Germany’s cybersecurity agency recommends using Passkeys over passwords

The Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, urges businesses and consumers to use Passkeys instead of passwords.

“We have to make cybersecurity as simple as possible and at the same time robust. Passkeys are a perfect example of how you can meet technical challenges with technical solutions. You own the future,” says Claudia Plattner, Director of the BSI.

Passkeys are an authentication method which is based on WebAuthn, which is short for Web Authentication. This technology allows providers of social media platforms to build strong authentication into their services by using registered customer devices, such as a smartphone or laptop.

Passkeys are based on the principles of asymmetric cryptography, meaning there are two sets of keys. The public key is stored on the website providing a service, the private key is kept on your personal device. If both keys match, your identity is verified and you’ll gain access to your account.

Passkeys have several advantages over passwords. First of all, you don’t have to remember anything, because Passkeys are generated automatically. Unlike passwords, Passkeys can’t be forgotten as they are stored on your device.

Furthermore, every online account has a unique Passkey. Passwords on the other hand can be used for numerous sites, making it riskier to secure your accounts. In addition, Passkeys are resistant to phishing and man-in-the-middle attacks.

Finally, Passkeys are syncable, support multiple devices and operating systems, and provide strong authentication.

Passwords that have been stolen or hacked pose a serious threat, both for entrepreneurs and consumers. Threat actors and cybercriminals could use them to gain access to corporate networks and sensitive data, or to commit identity theft and fraud. Therefore, according to the BSI, Passkeys offer “a significantly higher level of security than conventional methods”.

However, a survey shows that the benefits of Passkeys are still poorly known and only one in five people use it. Germany’s cybersecurity agency calls on online service and technology providers to raise awareness of Passkeys and promote them more effectively.

“Passkeys should be presented to consumers as a simple and safe login method. In addition, the uncomplicated setup and easy use of Passkeys can be highlighted,” The BSI adds.