Due to recent technological advances, everything I taught you about computers is no longer valid. ~Unknown
In my farm life, I’ve been regularly working with PayPal to invoice and collect payment for dahlia tubers. I have an abundance of tubers that need new homes. You can see the collection at https://rileyblossom.com. I am offering a 50% discount to coos county residents. Put a note on your order that you heard about it thru Comp-U-News.
Getting off that rabbit trail and back to the PayPal story: PayPal wants to create a passkey. Lots of sites have been suggesting passkeys. I’ve been foggy on why passkeys are supposed to be better than passwords when passkeys don’t ask for any identifying information. What’s that about? I went searching for details. This is what I found:
Passkeys are a newer, more secure alternative to passwords because they eliminate phishing risks, remove the need to remember complex strings, and rely on cryptographic keys stored on your device rather than shared secrets. They’re easier for users, harder for attackers, and increasingly supported across major platforms.
Passkeys are passwordless login credentials based on public key cryptography. Instead of typing a password, users authenticate with a fingerprint, face scan, or device PIN. Each account generates two keys:
• a Public key stored by the website or app
• a Private key stored securely on your device.
Because the private key never leaves the device, there is no shared secret for attackers to steal.
What? My head hurts… In 6th grade English please:
Imagine you have two keys:
• One key is public — you can share it with anyone
• One key is private — you keep it hidden, like a diary key
These two keys are connected. What one key locks, only the other key can unlock.
How it works:
• If someone wants to send you a secret message, they use your public key to lock it.
• Once it’s locked, only your private key can open it.
• That means even if someone else sees the message, they can’t read it.
Why it’s cool:
• You can share your public key with the whole world, and your secrets still stay safe.
• It keeps messages, passwords, and online logins protected from hackers.
Why Passkeys Are Better Than Passwords
1. Stronger Security
• Phishing resistant: Passkeys cannot be phished because there is no password to trick users into entering. Fake websites cannot authenticate without the private key.
• No password reuse: Each passkey is unique to a specific site, eliminating the widespread problem of reused passwords.
• Resistant to data breaches: Even if a site is breached, attackers only obtain the public key, which is useless without the private key.
• Attacks don’t scale: To compromise a passkey, an attacker would need physical access to the user’s device and biometric/PIN verification.
2. Better User Experience
• No passwords to remember: Users authenticate with biometrics or device unlock—fast and frictionless.
• No need for password managers: Passkeys simplify account management by removing the need to store or generate passwords.
• Cross platform compatibility: Designed to work across phones, tablets, and computers.
After decades of logging in with a password, it feels funny to rush right through the entry gate without pausing. (note to self: I wonder if this is what it feels like to use the express lane at the airport?) But the synopsis is, passkeys are safer and easier than our tried and not so true passwords. I have never been a “first adopter”, (a person who seeks out and eagerly tries new technology as soon as it arrives). I much prefer to let others work out the kinks and suffer the headaches of beta testing all things “New & Improved”. With that said, I give my permission to use and I fully support the implementation of passkeys.
Happy Computing,
Janet
