Facebook’s new passkey support could soon let you ditch your password forever

For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online accounts. But adoption has been slow, with many companies and websites still relying on passwords. Now the world’s biggest social media platform is jumping on the bandwagon.
On Wednesday, Facebook announced that it’s now rolling out support for passkeys on mobile devices. This means you’ll be able to use one to sign in to Facebook on an iPhone or Android device. But the passkey won’t be limited to your actual Facebook account.
In the coming months, support will expand to Messenger, helping you better safeguard your encrypted messages and message backups. You’ll also be able to use the passkey to autofill and authenticate payment information if you purchase something through Meta Pay.
“These changes will begin to go into effect today and will gradually roll out to everyone globally on Facebook and Messenger in the coming months, starting with Facebook on iOS and Android,” a Facebook spokesperson told ZDNET.
On the upside, passkeys are a decided improvement over passwords for authenticating your account logins. Whereas passwords are difficult to manage and vulnerable to compromise, passkeys are much easier and safer.
Developed by the FIDO Alliance, a passkey lets you sign in to an account using a PIN, a biometric method such as facial or fingerprint recognition, or a physical security key. Because that passcode is tied to you, you’re able to use it to sign in to the same account everywhere. Passkeys are automatically generated when you choose that option at a supported website. They can also eliminate or reduce the need for two-factor authentication codes.
A passkey consists of two separate cryptographic keys, known as a key pair. One key is public and registered with the app or website. The other key is private and stored only on your device. The key pair handles the authentication process between your device and the app or website. For that reason, the passkey is much more resistant to any type of hacking or other security threat.
“Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes because they are resistant to guessing or theft by malicious websites or scam links, making them effective against phishing and password spraying attacks,” Facebook said in its announcement. “By using passkeys, you’ll have increased protection against online threats while also simplifying your login experience.”
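The key-pair login described above, and the resistance to malicious websites that Facebook cites, can be shown with a simplified challenge-response exchange. This is an added example, not code from Facebook, ZDNET or the FIDO Alliance: it signs a small JSON record instead of the real WebAuthn message format, and the origins, function names and the choice of Ed25519 are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey-style login, not the real WebAuthn encoding.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const RP_ORIGIN = 'https://login.example';            // constructed site origin
const LOOKALIKE = 'https://login.example.phish.test'; // constructed look-alike origin

// Registration: the device creates the key pair; the server keeps only the public key.
function register() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge per login attempt makes old responses useless.
function newChallenge() {
  return randomBytes(32).toString('base64url');
}

// Device: sign the challenge together with the origin the client is actually on.
function deviceSign(device, challenge, seenOrigin) {
  const clientData = JSON.stringify({ challenge, origin: seenOrigin });
  const signature = sign(null, Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: verify the signature first, then the challenge and origin it covers.
function serverVerify(serverRecord, expectedChallenge, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!verify(null, data, serverRecord.publicKey, assertion.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== RP_ORIGIN) return 'wrong-origin';
  return 'ok';
}

// One genuine login and three failure cases the server must reject.
function demo() {
  const { device, serverRecord } = register();
  const c1 = newChallenge();
  const good = deviceSign(device, c1, RP_ORIGIN);
  const phished = deviceSign(device, c1, LOOKALIKE); // response produced on the look-alike site
  // Rewriting the origin after signing breaks the signature.
  const tampered = { ...phished, clientData: phished.clientData.replace(LOOKALIKE, RP_ORIGIN) };
  return {
    legit: serverVerify(serverRecord, c1, good),
    phished: serverVerify(serverRecord, c1, phished),
    tampered: serverVerify(serverRecord, c1, tampered),
    replayed: serverVerify(serverRecord, newChallenge(), good),
  };
}
console.log(demo());
```

Nothing the server stores or the network carries is a reusable secret, which is the property a password or SMS code lacks.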
On the downside, passkeys are still in the nascent stage.
Beyond their limited support, no universal or consistent way yet exists to set them up or sync them across different devices. As such, the initial setup process can be difficult and frustrating, depending on the website or app. A passkey generated on a mobile device may not easily sync to your PC, or vice versa. These are challenges that the FIDO Alliance and its members still need to tackle.
Facebook’s rollout of passkeys points to one hiccup. Initially, the option will be available only in the Facebook iOS and Android apps. They won’t be accessible on the website, either the desktop or mobile version. That means you’ll still have to rely on your current Facebook password when you visit the site. And that defeats the purpose of using passkeys, which should be a replacement for passwords, not an additional login method.
However, more universal support seems to be in the works.
“Passkeys are not currently available on the mobile site for phones or tablets,” the spokesperson told ZDNET. “We are starting with the Facebook app on mobile and are looking to bring passkeys to more surfaces in the future, including desktop.”
How to create a Facebook passkey
Facebook promises that creating your passkey will be easy. Once the option is available, open the Facebook iOS or Android app. Tap your profile picture and select the Settings icon. Tap the setting for Accounts Center. Under Account settings, select Password and security and then tap the option for Passkey. From there, follow the steps to set up your passkey. At some point, you may also be prompted to set up a passkey when you sign in to Facebook.
Despite the initial lack of support for Facebook’s website, this is a promising step for Facebook users eager to escape the burdens of the much-hated password.