"Passkeys were supposed to be secure and simple; here’s how they fail - 9to5Mac"
I’ve been arguing that passwords are horrible for the best part of a decade now, and was an enthusiastic early adopter of using the fingerprint sensor on my iPhone to unlock it. The convenience of that method was startling. When the iPhone X moved to Face ID, I switched – and found it even more convenient. Face ID did everything Touch ID did, but better. I thought we were set.
The Promise of Passkeys
But the dream of a simple and secure future where our devices simply knew who we were and unlocked themselves for our use was a short-lived one. It became clear pretty quickly that we couldn’t just dispense with passcodes entirely, as sometimes our faces wouldn’t be recognized, or we would need to authenticate when wearing a mask.
This has led to an awkward hybrid solution where we are invited to ‘try again’ with Face ID and then enter our passcode. It’s better than having to enter the passcode every time, but it’s still an inconvenience – and feels rather like a step back from pure Face ID.
The Challenge of Passkey Autocorrect
Worse are the occasions when Face ID erroneously decides that you aren’t you, and you then mistype your passcode. The combination can be messy. Passcode entry is designed to be secure, with an option to erase all data if you enter the wrong code too many times, but that’s a less than optimal solution when it’s just Face ID that’s being flaky, not someone trying to guess your passcode.
It’s more complex for sites that require a username and passcode. When Face ID fails, it can be incredibly frustrating to have to remember or look up a specific password for each account. This process not only interrupts your workflow but also compromises security as users might be tempted to reuse passwords across accounts.
Authentication Vulnerabilities
With the rise of deepfakes, there’s a new concern about the security of biometric authentication. While advanced technologies like Face ID are incredibly sophisticated in detecting human features and movements, they are not foolproof. A well-crafted deepfake can potentially fool these systems into granting unauthorized access.
This highlights the need for multi-factor authentication, where a combination of something you know (like a passcode) and something you are (like a fingerprint) is required for access. This adds an extra layer of security, making it harder for malicious actors to bypass authentication measures.
Accessibility Challenges
Passkeys also present challenges for users with disabilities. Individuals with certain physical disabilities may find it difficult to use biometric authentication methods like Face ID or fingerprint scanning. This can lead to exclusion and frustration for those who cannot easily interact with these technologies.
Moreover, passcodes can be troublesome for individuals with cognitive impairments or memory issues. Remembering complex passwords or passcodes for multiple accounts can be a daunting task, potentially leading to lockouts or security risks if simple or repetitive passwords are used.
Data Privacy Concerns
One of the major concerns with passkeys is the issue of data privacy. Biometric data, such as fingerprint or facial recognition information used for authentication, is sensitive and personal. If this data is compromised or stolen, it can have serious implications for an individual’s privacy and security.
There have been instances where biometric data stored by companies for authentication purposes has been breached, highlighting the importance of robust security measures to protect this information. Users need assurance that their biometric data is securely stored and encrypted to prevent unauthorized access.
Future of Passkey Technology
Despite the challenges and limitations of passkeys, there is ongoing research and development in the field of authentication technology. Innovations such as behavioral biometrics, which use unique patterns of behavior for identification, show promise in enhancing the security and convenience of authentication methods.
Additionally, advancements in artificial intelligence and machine learning are being leveraged to develop more sophisticated authentication systems that can adapt to user behavior and provide a seamless and secure authentication experience.
In conclusion, while passkeys were envisioned as a secure and simple authentication solution, they are not without their flaws and limitations. It is essential for developers and manufacturers to address these challenges and work towards creating more robust and user-friendly authentication methods that prioritize security, convenience, and inclusivity.
If you have any questions, please don't hesitate to Contact Us
Back to Technology News