Passkeys are a new way to keep your data secure

da-kuk/Getty Images

Can you remember all your passwords off the top of your head? If so, you probably have too few of them – or, heaven forbid, only one that you use everywhere. But that problem could become a thing of the past in 2026.

Passwords are a cybersecurity nightmare, with hackers trading stolen sign-in credentials on illicit markets every day. That’s because the overwhelming majority of passwords are too hackable, according to an analysis by Verizon, with just 3 per cent complex enough to withstand hackers.

Thankfully, a solution is on the way – and it is surprisingly simple. Instead of typing in a string of meaningless letters and numbers – or worse, your pet’s name – we are increasingly going to see our devices log in instantaneously, using verification by biometrics like your face or fingerprint.

“A password-less ubiquity is now fully on the cards and becoming more popular, due to superior security options offering better security against phishing and brute-force attacks compared to passwords alone,” says Jake Moore at cybersecurity firm ESET.

If you access your banking app with a fingerprint, you are already familiar with this new approach. It works by generating two cryptographic “passkeys”, one public and one private, on your device. When you create an account, the public one is sent to the service you are trying to login to, such as your bank, while the private one is stored on your device and can’t be accessed by anyone else.

To log you in, your bank sends a one‑time cryptographic challenge to your device instead of asking for a password. You use the fingerprint reader on your device to confirm your identity, which unlocks a secure chip that uses the private key to sign this challenge and send the signed response back to your bank, which verifies it with the public key. Your biometric details never leave your device. “Passkeys offer ease of use, security and, above all, convenience,” says Moore.

Big companies are already pushing users to adopt passkeys. Microsoft announced in May 2025 that it would be shunning passwords and new accounts created with Microsoft would be password-less by default. “Although passwords have been around for centuries, we hope their reign over our online world is ending,” the company said. Others are set to follow in the coming year. “As more platforms jump on the passkeys bandwagon across the next 12 months, more users will become used to this new technology biometrically scanning their faces on a regular basis,” says Moore.

The organisations starting to adopt passkeys are varied: according to Dashlane, a company that provides password management services, the online game platform Roblox is the fastest-growing service adopting passkeys, increasing its number of authentications by 856 per cent in the second quarter of 2025. The public sector is also getting in on the action, with the German Federal Employment Agency in the top three fastest-growing adopters of passkeys.

“It is in every company’s strategic interest to reduce reliance on passwords,” says Andrew Shikiar at the FIDO Alliance, an industry body encouraging the use of passkeys. According to FIDO, it is also good for users, with its data suggesting that organisations adopting passkeys see 81 per cent fewer calls to their IT helpdesks around login issues. Shikiar says he believes more than half of the top 1000 sites online will use passkeys in 2026.

Topics: