As I’ve said before, passwords suck. So do made-up holidays, but World Password Day (which rolls around yearly on May 1) offers as good excuse as any to kick your passwords to the curb.
Sure, the holiday’s intent is getting you to update your passwords to be more secure—like finally abandoning password12345 (oof) for XSmpJAI5v@NtG-7L#Q2F. Or, if passphrases are more your vibe, Water-Whom-Atom-Flame-Snake5.
But to heck with updating. Go with replacing. Specifically, replacing your passwords with passkeys.
Passkeys don’t require memorization, can be stored directly on your phone, and are stronger than passwords. One particular advantage: They’re phishing-resistant. Also, if a website gets hacked (all too common these days), your credential information shouldn’t be crackable nor usable by anyone else.
When you create a passkey, both a public and a private key are generated. (This is known as public-key or asymmetrical encryption.) The private key is kept by your device or password manager. Supported devices include phones, tablets, hardware dongles like YubiKeys, and compatible PCs. You can choose to store passkeys locally on your device or in the cloud.
These secret keys are secured by your device’s biometric authentication (e.g., fingerprint or face), or the method that secures your password manager.
Alaina Yee / Foundry
Meanwhile, the public key is shared with the website it’s generated for. You need both the public and private key to log in to the account they’re tied to. Whenever you log on, the website will ask for proof you’re the account owner, via the following steps:
- A request is sent to your device (or password manager) to begin the verification process.
- Your fingerprint, facial scan, or other authentication method is required to authorize the request.
- If you approve, your private key (aka secret key) is used to create a digital signature, which is then sent to the website.
- The website then uses the digital signature to try unencrypting the public key you gave it. If successful, you’re in.
When passkeys are implemented correctly, no one can deduce your private key based on the public key—which means data leaks and breaches aren’t as dangerous. (At least, in regard to password health.) Passkeys also only work for the specific site they’re generated for, so they can’t be captured or used by fake malicious sites, which is how phishing schemes steal passwords.
The one real wrinkle with passkeys is if you store them locally on a device—if you lose the device, you could get locked out of your account. But this will only happen if you consciously choose to save a passkey locally, like storing them to a Windows PC with a local-only account (rare these days) or a YubiKey. And you can easily avoid problems by having a second device or hardware security key, and/or adding an extremely secure password and two-factor authentication to your account as backup.
That last option doesn’t fully escape passwords, but it at least gets you most of the way there for your day-to-day. I personally find logging in with a passkey faster than passwords, even when using a password manager with autofill.
If switching feels like a big task, start first with major services like Google, Apple, Microsoft, as well as big stores like Amazon, Target, and Best Buy. Converting your most frequently accessed apps and sites, as well as any that deal with sensitive information (including billing info), already makes online life more secure and convenient.
Editor’s note: This article was first published in January 2025 in anticipation of “Change Your Password Day.” (Yes, another made-up holiday!) It’s been revised and bumped up for World Password Day 2026.
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.