What is a digital passkey, and why do you need one in WA?

OK, first off, they don't call it a digital passkey, they just call it a passkey. I have digital in the title because I figured it would make more sense as we got started.  

So, I think we all agree that passwords are a giant pain. I mean, we have to have them, right? But how do you remember them all? You certainly don't want to use the same password for everything. Now are we going to have the same situation with the passkey? 

We have password managers that supposedly keep track of your passwords so that you don't have to, but passwords can be easy to guess and hack. That's why companies like Microsoft and Apple are putting forward the idea of using a passkey. 

According to msn.com,
‘Thankfully, passkeys are growing in popularity and have a real chance to replace them completely, eliminating the need for traditional email and password combinations, and making your online accounts much harder for hackers to access.’ 

What is a passkey? 

Basically, a passkey is kind of like a two-part authenticator. There's a public part to your passkey that lives with the account you're trying to access. There's a private passkey that lives only in your personal device. Whether it's a phone, a laptop, a tablet, it's there stored in your password manager or if you're using an Apple product, your "keychain". 

After your device or (if it's an Apple device), iCloud account authenticates your identity, then the two keys combine to give you access to your account. Passkeys are not yet universal, but they're rapidly growing in popularity. They are much more difficult to hack. Passkeys can't be guessed or shared. They are unique to each website you're looking at, and a hacker can't grab your passkey by hacking a websites database and stealing information. 

Hackers love cookies. 

Any time you log into a website the first thing the website does is look for cookies. Specifically, its own cookies, and if it sees them, then it lets you in. The problem is, if the hacker happens to be riding along with you, they also see your cookies, and they can use your cookies to log into a website that you're looking at and take advantage of that with full access. 

If a hacker (unknown to you) is riding along on your Internet session, they just wait for you to log into a website and then they use the validated cookie in your browser when they go back to the website later.  

An important tip is to manage your cookies.  

When you log in and you get that data privacy screen that pops up, don't just accept it. Navigate to “cookies” or “user data” and then choose the shortest possible session duration. If you do this, your cookies will automatically expire when you close your session. That’s a good thing. 

 So, what is the best password or passkey manager? 

According to msn.com,
‘PCMag, Choice award winners NordPass and Proton Pass, can store and generate passkeys for you. Android and iOS users can store passkeys using the built-in Apple Passwords app or Google Password Manager.’ 

You would think that with us living in Washington state, the home of Microsoft that password security would be simple and ubiquitous. Not so much, especially for some of us older folk. 

It may be time that I start using a password manager and move to passkeys. It will make my life simpler and make hackers' lives much more difficult.