Passkeys are a new way to keep your data safe
yes-cook/Getty Images
Can you remember all your passwords from your head? If so, you probably have too few of them – or, God forbid, just one that you use everywhere. But this problem may become a thing of the past in 2026.
Passwords are a cybersecurity nightmare because hackers trade stolen credentials on illicit markets every day. This is because the vast majority of passwords are too easy to crack, according to Verizon analysisjust 3 percent of which are sophisticated enough to withstand hackers.
Luckily, a solution is on the way—and it's surprisingly simple. Instead of typing in a string of meaningless letters and numbers (or worse, your pet's name), we'll increasingly see our devices instantly logging in using biometric verification such as your face or fingerprint.
“Passwordless ubiquity is now completely on the card and is becoming increasingly popular due to its superior security options, providing better protection against phishing and brute-force attacks than passwords alone,” says Jake Moore at cybersecurity firm ESET.
If you access your banking app using your fingerprint, you're already familiar with this new approach. It works by creating two cryptographic “pass keys” on your device, one public and one private. When you create an account, the public account is sent to the service you are trying to sign into, such as your bank, while the private account is stored on your device and cannot be accessed by anyone else.
To log in, your bank sends a one-time cryptographic challenge to your device instead of asking for a password. You use the fingerprint scanner on your device to verify your identity, which unlocks a secure chip that uses the private key to sign that request and sends the signed response back to your bank, which verifies it with the public key. Your biometric data never leaves your device. “Access keys provide ease of use, security and, most of all, convenience,” says Moore.
Large companies are already pushing users to use access keys. Microsoft announced May 2025 that it will avoid passwords, and new accounts created with Microsoft will have no passwords by default. “While passwords have been around for centuries, we hope to see an end to their dominance in our online world,” the company said. Others plan to follow suit next year. “As more platforms move to the password side over the next 12 months, more users will become accustomed to this new technology routinely biometrically scanning their faces,” says Moore.
Organizations starting to use passkeys are diverse: According to Dashlane, a company that provides password management services, online gaming platform Roblox is the fastest growing service to implement passkeys, increasing the number of authentications by 856 percent in the second quarter of 2025. The public sector is also getting in on the action: Germany's Federal Employment Agency is one of the three fastest growing countries to implement access keys.
“Reducing reliance on passwords is in every company’s strategic interest,” says Andrew Shikiar at the FIDO Alliance, an industry organization that encourages the use of passwords. It's also beneficial for users, according to FIDO: Data shows that organizations using access keys see 81 percent fewer calls to their IT help desk about login issues. Shikiar says he believes more than half of the 1,000 largest online sites will use passwords in 2026.
Topics:
