Image: Unsplash
Windows passkeys may be the new Windows Hello of Windows 11. I’ve just started trying them, and I want more. Lots more.
Remember, Windows Hello debuted on Windows 10 as a biometric means of authentication. Since then, you’ve been able to open a laptop, show your face to the camera, and absolutely ignore any requirement to type in a Windows password to unlock your PC. It’s simple, extremely convenient, and largely foolproof.
Passkeys are the latest iteration, and they’re debuting in the Windows 11 22H2 update, available now. (They’ll also appear in the Windows 11 22H3 or Windows 11 2023 Update, launching in the fourth quarter.) Instead of typing in a password on a website, passkeys use your PC’s biometric identification instead. Essentially, you’re logging onto a website using Windows Hello.
For now, there are relatively few sites that actually use passkeys: Best Buy, WhatsApp, GitHub, and 1Password do. And the kicker is that you’ll have to create a passkey for each site.
Some sites’ passkey support are tied to mobile devices, however — not Windows. Logging in on a desktop PC will ask you to register your fingerprint with your phone. I’m not going to say which approach is more secure, but using passkeys on your PC is certainly more convenient than fishing out your phone.
Mark Hachman / IDG
So far, I have two passkeys on my PC: my Microsoft account, and Google. You should be able to visit Microsoft’s Microsoft account site to set up a passkey for Windows, or one may be simply created for you via Windows Hello. (I now have three devices set up with the Windows 11 22H2 update, and I don’t recall adding a Windows passkey on more than one.)
With my Google account, I had to visit Google’s passkey site, log in, and then opt to create a passkey. Google’s passkey process offers the option of using linked phones, but you can also create a passkey on “this device,” aka a PC. That required explicitly clicking that option and entering my Google password. (Chrome supports passkeys, too.) Microsoft provides some generic instructions to create Windows passkeys here, though they essentially vary by site.
Passkeys are managed in the Windows Settings menu (Accounts > Passkeys), including the option to delete them. It appears that a PIN is still your backup option, in case you’ve recently grown a beard or your PC’s fingerprint sensor gets grimy.
Third-party passkeys may in fact eventually sync in the background, but I have yet to see them roam to my other devices.
Passkeys are disarmingly simple
Microsoft doesn’t appear to offer a mobile passkey option as yet, although it has quietly released dozens of mobile apps for Android phones.
So far, I’m a fan. The convenience of simply logging into a website with your face instead of using a long, complex, unique password is extremely handy — and I still have that password memorized as a backup. Using your face to log in does have some hypothetical security risks — what if someone opened my laptop and forced me to “log in” with my face at gunpoint? — but I can live with those. Could malware force an authentication popup to instantly log me in while it works in the background? I don’t know, and the cybersecurity community is paid to debate issues like this.
It’s probably fair to say, though, that biometric login — whether it be on a PC or phone — is one of those technologies that has had a positive effect on our culture. Passkeys appear to be the next iteration, with similar benefits.
For now, I think the convenience of “instant” logins supersedes any hypothetical threats I could come up with. If more sites support passkeys, my inclination right now is to jump on the passkey bandwagon.
Author: Mark Hachman, Senior Editor
