đ Passkeys are here â say bye to "Forgot password?"
As you may have already noticed in the app, we recently added passkeys, a more secure form of multi-factor authentication, to Shakepay. Not only are passkeys highly resistant to phishing and SIM-swapping attacks, they can even allow you to ditch your account password altogether.
But how do passkeys work, and how can having no password be better than having a strong password?
Here's a closer look at passkeys, their benefits, and how they can make your life easier and your account safer.
Whatâs wrong with good old passwords?
Using passwords has almost become second nature for most of us when we go online. That said, itâs important to remember that despite their widespread use, passwords carry several important vulnerabilities.
Passwords rely on something you know â like a PIN or a combination of letters, numbers, and special characters. This means passwords can be stolen through phishing attacks, like when users are tricked into entering their credentials on fraudulent websites, or through social engineering tactics.
Passwords also tend to make the sign-in experience cumbersome. Letâs face it: even with a password manager, managing passwords is often inconvenient, time-consuming, or downright annoying. Signing into an account with a password always seems to take a little bit longer than it should.
So what are passkeys?
Passkeys are a form of authentication designed to be both secure and easy to use. Unlike passwords, which rely on something you know, passkeys rely on something you have â usually a physical device like a smartphone or a security key.
Letâs say you decide to go ahead and create a passkey for Shakepay using your smartphone. Your device will generate a pair of cryptographic keys: a public key and a private key. The public key is going to be shared with us so weâre able to sign you into your account in the future while the private key is going to remain securely stored on your device.
In addition to the private key on your device, signing into your account with passkeys also requires either biometric data, such as your fingerprint or face authentication, or a PIN.
The many benefits of passkeys
1. Enhanced security đ
Signing into your account with passkeys doesnât involve transmitting a password that could be intercepted or stolen. Your private key always remains on your device.
2. Convenience đ
You donât need to remember complex passwords for different sites. Authentication can be as simple as unlocking a device using biometrics data or a PIN.
3. Resistance to phishing and SIM-swapping đŁ
Because the authentication process doesn't rely on passwords or codes sent over SMS, passkeys are inherently resistant to phishing attacks and SIM swap scams.
Attackers can't simply trick you into revealing your passkey. To access your account, they would need physical possession of your device and a way to bypass your biometric security.
Setting up your passkey on Shakepay
Getting started with passkeys on Shakepay is easy. In your Shakepay app, go to "Security & privacy" under Settings, select "Passkeys," and follow the instructions on screen to create a new passkey for your account.
Transitioning away from passwords
Once you've set up a passkey, youâll have the option to remove your password entirely from your account. To do so, go to "Security & privacy" under Settings, select "Passkeys," then âRemove your passwordâ. Simply follow the instructions on screen to eliminate your password.
No longer relying on a password to protect your account may feel strange at first, but it makes sense: Without a password, thereâs no information to give out, accidentally or on purpose, that could allow anyone else to access your account.
But what if I lose the device tied to my account? How can I log in?
When youâre using passkeys, losing the device tied to your account doesnât mean you lose all access to your account. Getting back into your account can be done by resetting your password and re-verifying your identity so we know itâs really you trying to gain access.
If you ever lose the device tied to your account, we recommend contacting our support team so we can guide you through the recovery process.
The future is passwordless
Passkeys represent a significant step forward in securing digital accounts, offering an alternative to passwords thatâs both highly secure and user-friendly.
Setting up a passkey only takes a moment at first and saves you a ton of time and mental energy after that, giving you the peace of mind that comes with knowing your account is further protected.
So thatâs passkeys! Ready to give it a try? Passkeys are now live in the Shakepay app đ