🔐 Passkeys are here – say bye to "Forgot password?"

🔐 Passkeys are here – say bye to "Forgot password?"

As you may have already noticed in the app, we recently added passkeys, a more secure form of multi-factor authentication, to Shakepay. Not only are passkeys highly resistant to phishing and SIM-swapping attacks, they can even allow you to ditch your account password altogether.

But how do passkeys work, and how can having no password be better than having a strong password?

Here's a closer look at passkeys, their benefits, and how they can make your life easier and your account safer.

What’s wrong with good old passwords?

Using passwords has almost become second nature for most of us when we go online. That said, it’s important to remember that despite their widespread use, passwords carry several important vulnerabilities.

Passwords rely on something you know – like a PIN or a combination of letters, numbers, and special characters. This means passwords can be stolen through phishing attacks, like when users are tricked into entering their credentials on fraudulent websites, or through social engineering tactics. 

Passwords also tend to make the sign-in experience cumbersome. Let’s face it: even with a password manager, managing passwords is often inconvenient, time-consuming, or downright annoying. Signing into an account with a password always seems to take a little bit longer than it should.

So what are passkeys?

Passkeys are a form of authentication designed to be both secure and easy to use. Unlike passwords, which rely on something you know, passkeys rely on something you have — usually a physical device like a smartphone or a security key.

Let’s say you decide to go ahead and create a passkey for Shakepay using your smartphone. Your device will generate a pair of cryptographic keys: a public key and a private key. The public key is going to be shared with us so we’re able to sign you into your account in the future while the private key is going to remain securely stored on your device.

In addition to the private key on your device, signing into your account with passkeys also requires either biometric data, such as your fingerprint or face authentication, or a PIN. 

The many benefits of passkeys

1. Enhanced security 🔒

Signing into your account with passkeys doesn’t involve transmitting a password that could be intercepted or stolen. Your private key always remains on your device.

2. Convenience 🚀

You don’t need to remember complex passwords for different sites. Authentication can be as simple as unlocking a device using biometrics data or a PIN.

3. Resistance to phishing and SIM-swapping 🎣

Because the authentication process doesn't rely on passwords or codes sent over SMS, passkeys are inherently resistant to phishing attacks and SIM swap scams.

Attackers can't simply trick you into revealing your passkey. To access your account, they would need physical possession of your device and a way to bypass your biometric security.

Setting up your passkey on Shakepay

Getting started with passkeys on Shakepay is easy. In your Shakepay app, go to "Security & privacy" under Settings, select "Passkeys," and follow the instructions on screen to create a new passkey for your account.

Transitioning away from passwords

Once you've set up a passkey, you’ll have the option to remove your password entirely from your account. To do so, go to "Security & privacy" under Settings, select "Passkeys," then “Remove your password”. Simply follow the instructions on screen to eliminate your password.

No longer relying on a password to protect your account may feel strange at first, but it makes sense: Without a password, there’s no information to give out, accidentally or on purpose, that could allow anyone else to access your account.

But what if I lose the device tied to my account? How can I log in?

When you’re using passkeys, losing the device tied to your account doesn’t mean you lose all access to your account. Getting back into your account can be done by resetting your password and re-verifying your identity so we know it’s really you trying to gain access.

If you ever lose the device tied to your account, we recommend contacting our support team so we can guide you through the recovery process. 

The future is passwordless

Passkeys represent a significant step forward in securing digital accounts, offering an alternative to passwords that’s both highly secure and user-friendly.

Setting up a passkey only takes a moment at first and saves you a ton of time and mental energy after that, giving you the peace of mind that comes with knowing your account is further protected.

So that’s passkeys! Ready to give it a try? Passkeys are now live in the Shakepay app 🔐