{"id":58562,"date":"2025-04-26T09:00:16","date_gmt":"2025-04-26T09:00:16","guid":{"rendered":"http:\/\/65f31ca6-7ab9-4544-add4-706c29f9d88d"},"modified":"2025-04-26T09:00:16","modified_gmt":"2025-04-26T09:00:16","slug":"if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/","title":{"rendered":"If we want a passwordless future, let’s get our passkey story straight"},"content":{"rendered":"
\n
\n
\"passkey<\/picture><\/div>\n

<\/div>

Hill Street Studios\/Getty Images<\/span><\/figcaption><\/figure>\n

In a recent article from a well-known tech publisher<\/a> that extolled the virtues of Bitwarden’s password manager, the author wrote the following (by the time you read this, the passage may have been corrected):<\/p>\n

\n

“Passkeys are an attempt to replace the password with a key that you don’t have to remember or worry about at all. When you create a passkey for a website, the site spits out two pieces of code, one it saves on the server, one it saves on your device. When you return to the site, the site checks for the code it saved to your device and if it’s there, it logs you in.”<\/p>\n<\/blockquote>\n

The passage includes multiple incorrect statements that work against the efforts of the FIDO Alliance<\/a> to educate the public on why passkeys are more secure than passwords for authenticating with websites or applications. (The FIDO Alliance is a consortium of high-tech leaders — including Microsoft, Google, and Apple — that develops and promotes the passkey technology standard.)<\/p>\n

The passage gets one thing right: “Passkeys are an attempt to replace the password with a key that you don’t have to remember or worry about.” That’s definitely one of the aspirations of the passkey standard.  <\/p>\n

Also: <\/strong>Why the road from passwords to passkeys is long, bumpy, and worth it – probably<\/strong><\/a><\/p>\n

“That’s the vision. The end result should be completely effortless,” said Mitchell Galavan, Google lead authentication UX designer, during a recent interview with ZDNET. “[You shouldn’t] even have to think about it,” added Galavan, who also serves as co-chair of the FIDO Alliance U\/X Working Group. “The experience should be seamless. You wouldn’t even have to know that the passkeys are showing up on your device if you don’t want to — you’re just getting to where you want to go.”<\/p>\n

When passkeys work, which is not always the case, they can offer a nearly automagical experience compared to the typical user ID and password workflow. Some passkey proponents like to say that passkeys will be the death of passwords. More realistically, however, at least for the next decade, they’ll mean the death of some<\/em> passwords — perhaps many passwords. We’ll see. Even so, the idea of killing passwords is a very worthy objective.<\/p>\n

The damage done by passwords<\/h2>\n

For four decades, passwords have been the Achilles’ heel of computer technology. Most of the damage done — by compromised accounts, identity theft, exfiltration of personal information, and digital theft of funds — involved compromised passwords. <\/p>\n

In many cases, passwords were unknowingly shared with malicious actors, often through phishing<\/a> (and more recently, smishing<\/a>). Phishing (email) and smishing (text messaging) are digital forms of social engineering that trick unsuspecting users into entering their user IDs and passwords into bogus, authentic-looking, and criminally operated websites.<\/p>\n

Also: 7 password rules security experts live by in 2025 – the last one might surprise you<\/a><\/strong><\/p>\n

Passwords and passkeys are similar in one important respect: They each involve a secret. However, the biggest difference between passwords and passkeys is how that secret is handled. With passwords, that secret is a shared secret. <\/p>\n

With passwords, you must always share your secret with the operator of the website or application (known in the cybersecurity world as the “relying party”). You do this when you set or reset the password, and you do this when you login. <\/p>\n

Phishers and smishers depend entirely on the shared secret’s basic principle. Their initial objective is always to get you to share your secret with them. <\/p>\n

In contrast, with passkeys — implausible as it sounds — the secret is never shared with a relying party. That’s right. With passkeys, when you login to a website or application, you never have to share a secret to complete the login process. Once you’re in the habit of not sharing secrets with legitimate sites and apps, the likelihood of sharing a secret with a phisher or smisher is greatly diminished or eliminated altogether. <\/p>\n

The passkey principle<\/h2>\n

Passkeys are based on public key cryptography, where two keys are paired. One key is public and can be shared with anyone, while the other is private and shared with no one. <\/p>\n

Also: The best security keys of 2025: Expert tested<\/a><\/strong><\/p>\n

More than likely, when the aforementioned article referred to “two pieces of code,” it was referring to the public and private key that make up what’s known as the public\/private key pair that forms the basis of a passkey. <\/p>\n

<\/p>\n

The reason that a public\/private key pair is so cool is that anything that’s encrypted with the public key can only be decrypted with the private key and vice versa. So, if I give you the public half of a public\/private key pair and you encrypt something with it, I’m the only person who can decrypt that information as long as I’m the only person in possession of the private half; the private key. On the flip side, if I use my private key to encrypt something, anyone with the corresponding public key can decrypt it. <\/p>\n

Also: Biometrics vs. passcodes: What lawyers say if you’re worried about warrantless phone searches<\/a><\/strong><\/p>\n

With passkeys, the device that the end user is using \u2013 for example, their desktop computer or smartphone — is the one that’s responsible for generating the public\/private key pair as a part of an initial passkey registration process. After doing so, it shares the public key \u2013 the one that isn’t a secret \u2013 with the website or app that the user wants to login to. The private key — the secret — is never shared with that relying party. <\/p>\n

This is where the tech article above has it backward. It’s not “the site” that “spits out two pieces of code” saving one on the server and the other on your device. It’s the device that spits out two pieces of code, saving one — the private key — to your device while sending the other one — the public key — to the relying party (“the server”). <\/p>\n

Passwords vs. passkeys at a glance<\/h2>\n\n\n\n\n\n\n\n\n\n\n
\n

Password<\/strong><\/h3>\n<\/td>\n

\n

Passkey<\/strong><\/h3>\n<\/td>\n<\/tr>\n

\n

Relies on a shared secret easily mishandled by involved parties, making it vulnerable to discovery by threat actors.<\/p>\n<\/td>\n

\n

Relies on a secret that stays in the user’s possession and is never shared, virtually eliminating the chances of discovery by threat actors.<\/p>\n<\/td>\n<\/tr>\n

\n

A string of characters picked by the user, sometimes with the help of a tool (a password manager) that’s in the user’s control.<\/p>\n<\/td>\n

\n

A matching pair of system-derived public and private cryptographic keys.<\/p>\n<\/td>\n<\/tr>\n

\n

User chooses how to store the secret (memory, sticky note, a password manager, etc.).<\/p>\n<\/td>\n

\n

The secret (the private key from the public-private key pair) is automatically  stored in some secure manner where even the user cannot readily recall it or share it.<\/p>\n<\/td>\n<\/tr>\n

\n

Entering user IDs and passwords is a ubiquitous user experience that’s widely understood and supported.<\/p>\n<\/td>\n

\n

User experience can be wildly different from one implementation to the next, which can be confusing. Not yet supported by many websites and apps.<\/p>\n<\/td>\n<\/tr>\n

\n

The same secret can be reused across multiple websites and applications (aka,  relying parties).<\/p>\n<\/td>\n

\n

The secret is unique and specific to a relying party. User doesn’t have the option to reuse it. <\/p>\n<\/td>\n<\/tr>\n

\n

De facto standards for password and multifactor implementations are relatively ancient and complete.<\/p>\n<\/td>\n

\n

Consortium-led standard is a work-in-progress. The passkey ecosystem still involves some technological gaps.<\/p>\n<\/td>\n<\/tr>\n

\n

Users are vulnerable to credential recovery as long as websites and apps support user IDs and passwords (which most sites do).<\/p>\n<\/td>\n

\n

Will truly fulfill its promise only once passwords are eliminated, which isn’t likely in the foreseeable future.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The distinction between the two is incredibly important because if the relying party generated the public\/private key pair, then the implication is that the relying party was, at one point, in possession of the full pair, which means it was in possession of the secret. One of the key principles of the passkey standard is that relying parties never come into contact with the secrets. <\/p>\n

How passkeys work their magic<\/h2>\n

After the relying party receives the public key from the user’s device, it saves the public key in a way that it can be recalled when the user returns to login. When the user comes back to log in, the relying party uses the user’s public key (the one it saved in the previous step) to encrypt a relatively randomized string of information known as “the challenge.” It sends that challenge back to the user. Upon receipt of the challenge, the user relies on the matching private key to decrypt the message. Then it re-encrypts the string and sends it back to the relying party, which then uses the public key to decrypt it to see if it matches the random string that was originally sent to the user. If there’s a match, the user is authenticated to use the relying party’s site or app.<\/p>\n

Also: Why multi-factor authentication is absolutely essential in 2025<\/a><\/strong><\/p>\n

Therefore, the statement that “when you return to the site, the site checks for the code it saved to your device and if it’s there, it logs you in” is also untrue. First, the site never saved anything to your device. Second, the site is unable to interrogate your device for the existence of either of the keys. <\/p>\n

So, how does this stop phishing? First, once a user registers a passkey with a relying party, they should, from that point forward, never be asked for their user ID or password by that relying party. If the user receives an email (phishing) or text (smishing) with a link that takes them to a website that, in turn, asks for their user ID and password, the user should assume that the site is bogus. After all, it’s asking for a deprecated piece of information. <\/p>\n

Furthermore, let’s say that a malicious site somehow got hold of your public key and offered you the ability to log in with your passkey. You might go so far as to authenticate with the malicious site. But even if you went that far, you would never have shared any actual credentials with the malicious actors in a way that they could reuse to break into your accounts. <\/p>\n

Also: How going passwordless can simplify your life<\/a> <\/strong><\/p>\n

Passkeys have a long way to go before they realize their potential. Some of the current implementations are so alarmingly bad that it could delay their adoption. But adoption of passkeys is exactly what’s needed to finally curtail a decades-long crime spree that has plagued the internet. In order to drive that adoption, it’s terribly important to make sure that when anyone tells the passkey story, it gets told accurately.<\/p>\n

Stay ahead of security news with <\/em>Tech Today<\/em><\/strong><\/a>, delivered to your inbox every morning.<\/em><\/p>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Passwords and passkeys each involve a secret. The critical difference: How that secret gets handled.READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-58562","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"\nIf we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"If we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-26T09:00:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"If we want a passwordless future, let’s get our passkey story straight\",\"datePublished\":\"2025-04-26T09:00:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/\"},\"wordCount\":1864,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/9101dcabc245cefc97e8aff36dd173f45143020c\\\/2025\\\/04\\\/24\\\/23c59cc0-9a41-43fe-a877-511bfe285387\\\/gettyimages-79874499.jpg?auto=webp&width=1280\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/\",\"name\":\"If we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/9101dcabc245cefc97e8aff36dd173f45143020c\\\/2025\\\/04\\\/24\\\/23c59cc0-9a41-43fe-a877-511bfe285387\\\/gettyimages-79874499.jpg?auto=webp&width=1280\",\"datePublished\":\"2025-04-26T09:00:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/9101dcabc245cefc97e8aff36dd173f45143020c\\\/2025\\\/04\\\/24\\\/23c59cc0-9a41-43fe-a877-511bfe285387\\\/gettyimages-79874499.jpg?auto=webp&width=1280\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/9101dcabc245cefc97e8aff36dd173f45143020c\\\/2025\\\/04\\\/24\\\/23c59cc0-9a41-43fe-a877-511bfe285387\\\/gettyimages-79874499.jpg?auto=webp&width=1280\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"If we want a passwordless future, let’s get our passkey story straight\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"If we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/","og_locale":"en_US","og_type":"article","og_title":"If we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-04-26T09:00:16+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"If we want a passwordless future, let’s get our passkey story straight","datePublished":"2025-04-26T09:00:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/"},"wordCount":1864,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/","url":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/","name":"If we want a passwordless future, let's get our passkey story straight 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280","datePublished":"2025-04-26T09:00:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/9101dcabc245cefc97e8aff36dd173f45143020c\/2025\/04\/24\/23c59cc0-9a41-43fe-a877-511bfe285387\/gettyimages-79874499.jpg?auto=webp&width=1280"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/if-we-want-a-passwordless-future-lets-get-our-passkey-story-straight\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"If we want a passwordless future, let’s get our passkey story straight"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58562"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58562\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}