The Ultimate Guide to Securely Sharing Passkeys with Friends and Family
Discover the convenience of sharing passkeys with loved ones using passkey managers Explore which ones support passkey sharing and why it's a feature worth considering Embrace secure collaboration without compromising your online security
Key Takeaways
Passkeys offer users a more convenient and secure alternative to traditional passwords, removing the burden of memorization and typing. They comprise a confidential key stored on your device and a matching public key stored on the server of the website in question.
At present, only a limited number of passkey management services, like Apple iCloud Keychain and 1Password, support passkey sharing. Nevertheless, the widespread adoption of passkey sharing is unlikely as businesses strive to discourage account sharing and prioritize user security.
Passkeys are specifically designed to enhance user security, and if sharing becomes too accessible, it could potentially undermine their effectiveness against phishing schemes and other malicious attacks. Passkey sharing might be limited to specific groups or individuals within a passkey manager, and the future adoption and practices concerning passkeys are still evolving.
Passkeys are anticipated to replace passwords in the upcoming years. However, passkey sharing poses a challenge during this transition. As passkeys are meant to remain unknown and cannot be manually typed, how can one share passkey-protected accounts with friends and family? This article for Cybersecurity Awareness Week is presented in partnership with Incogni.
What Are Passkeys?
Outdated passwords are both cumbersome and frequently jeopardize user security. An instance of a data breach could potentially expose your password, while an elaborate phishing ploy may deceive you into divulging it to a hacker. Although there exist numerous means of enhancing password convenience and security—the optimal choice being a premium password manager—it is exceptionally rare for individuals to embark upon the necessary measures to safeguard their digital existence.
The FIDO Alliance introduced passkeys, which is supported by major tech companies like Google, Apple, and Microsoft. These companies are actively working towards replacing passwords with passkeys. The concept behind passkeys is remarkably straightforward: there is no need to remember or type anything. When you register for a website, it generates a "secret key" that is securely stored on your device. This key corresponds to a "public key" stored on the website's server. By combining these keys, your identity is verified, granting you access to log in.
Importantly, your secret keys are not known by anyone, not even yourself. In the event of a data breach, only the public keys of the website will be exposed. Additionally, stealing your private keys is an incredibly challenging task, as it would require physical access to your phone or computer and the ability to bypass your fingerprint reader or guess your PIN.
Which Passkey Managers Allow You to Share Passkeys?
Nowadays, all major operating systems come equipped with an integrated passkey manager. Additionally, certain password management tools, like 1Password, also support passkeys. However, as passkeys become more prevalent across the internet, individuals will inevitably question the process of sharing these keys with friends or family. After all, if one is unaware of their private keys, how can they distribute them to others?
Introducing Hannah Stryker, a renowned expert in the field of passkey management. Unlike most passkey management services, only a select few offer the convenience of passkey sharing. If the ability to share passkeys is crucial to you, a premium password manager becomes the preferred choice. Keep in mind that your loved ones, such as friends and family, might also have to utilize the same password manager for optimal efficiency.
Here are the popular passkey management services that currently offer (or plan to offer) a sharing feature:
Apple iCloud Keychain
1Password
NordPass
Bitwarden (Plans to offer passkey sharing)
Dashlane (Plans to offer passkey sharing)
Google is purportedly developing password sharing functionality in Chrome, potentially paving the way for future passkey sharing capabilities. Currently, there are no rumors regarding the implementation of passkeys in Windows 11.
It's important to acknowledge that passwords and passkeys will coexist for a period of time. If you need to share your login credentials with someone, you can easily transmit your password to them. Generating a passkey for a website does not render your password useless, at least for the time being. Additionally, passkey sharing may become unnecessary or discouraged as the use of passwords diminishes.
Passkey Sharing May Never Become Common Practice
As of October 2023, the passkey standard is currently supported by only 75 apps and websites. The majority of these platforms do not have passkeys set as the default sign-in option, and there are no instances where users are required to enable passkeys. As passkeys become more prevalent and mandatory, the issue of account sharing will need to be addressed. However, it remains uncertain whether passkey sharing will be the chosen solution.
Many web-based services are taking measures to prevent account sharing, with some already requiring two-factor authentication through text messages or emails. The notion that these businesses would promote passkey sharing seems highly unlikely. While certain accounts or services may need to be shared with family, caregivers, or others in your household, passkey sharing is not entirely necessary. Businesses may simply request that you generate a unique passkey for each individual, or they may suggest that everyone create a separate account that can be linked to yours. (The latter option is already favored by some subscription services as it provides users with a sense of privacy and facilitates data collection.)
Furthermore, passkeys are designed to enhance user security. If passkeys are easily shared, there may not be a significant improvement in user security, as phishing schemes and other attacks will continue to be effective. Therefore, passkey sharing may be infrequent, discouraged, or restricted to a family group that you have created within your passkey manager. It will likely take a few years for the situation to settle.
