Threat Intel Solutions

[](https://techxplore.com/archive/26-10-2025/)October 26, 2025 The GISTWhat’s the difference between passwords and passkeys? It’s not just the protection they provide===============================================================================================by Paul Haskell-Dowland, Ismini Vasileiou, [The Conversation](https://theconversation.com) edited by [Lisa Lock](https://sciencex.com/help/editorial-team/ ”), reviewed by [Alexander Pol](https://sciencex.com/help/editorial-team/ ”) ##### Lisa Lockscientific editor Meet our [editorial team](https://sciencex.com/help/editorial-team/) Behind our [editorial process](https://sciencex.com/help/editorial-process/)  ##### Alexander Poldeputy editor Meet our [editorial team](https://sciencex.com/help/editorial-team/) Behind our [editorial process](https://sciencex.com/help/editorial-process/) Editors’ notes This article has been reviewed according to Science X’s [editorial process](https://sciencex.com/help/editorial-process/) and [policies](https://sciencex.com/help/editorial-standards/). [Editors](https://sciencex.com/help/editorial-team/) have highlighted the following attributes while ensuring the content’s credibility:fact-checkedtrusted sourcewritten by researcher(s)proofread  Credit: Unsplash/CC0 Public DomainPasswords are the keys to our digital lives—think how many times you log in to websites and other systems. But just like physical keys, they can be lost, duplicated and stolen. Many alternatives have been proposed in recent years, including passkeys. These offer a significant improvement in terms of user friendliness and potential for widespread use.But what exactly are they—and how do they differ from passwords?Passwords are vulnerable————————In simple terms, a password is a secret word or phrase that you use to prove who you are to computer systems and/or online. If you have an account on a website or subscribe to a [service provider](https://techxplore.com/tags/service+provider/) you likely have many.Passwords themselves are fine; it is the way we implement and use them that makes them vulnerable. For example, weak password habits are everywhere. A [CyberNews report](https://cybernews.com/security/password-leak-study-unveils-2025-trends-reused-and-lazy/) from earlier this year identified 94% of 19 billion leaked passwords were re-used. It also identified several similarities in passwords, including strings of numbers such as ‘123456,’ people’s names, cities, popular brands and swear words.And when a breach occurs, stolen passwords can spread quickly. This leads to accounts being taken over, identity theft and/or [phishing attacks](https://techxplore.com/tags/phishing+attacks/). In one [experiment](https://www.zdnet.com/article/this-is-how-fast-a-password-leaked-on-the-web-will-be-tested-out-by-hackers/), hackers were trying to use leaked credentials within an hour.Passwords are also vulnerable to phishing, which is when scammers trick you into typing your password (or other information) into a fake account login page. Phishing emails continue to grow in number and consequence with [one report](https://deepstrike.io/blog/Phishing-Statistics-2025) indicating more than 3 billion phishing emails sent per day globally.A good password is unique (that is, never re-used) and complex (imagine a sequence of letters, numbers and symbols such as ‘e8bh!kXVhccACAP$48yb’). It can also be a unique combination of multiple words to create a phrase or memorable sequence.This could be difficult to remember, although creating a story that uses the contents of the password might help. For example, say your password was ‘CrocApplePurseBike.’ You could remember it by thinking of the *Crocodile* that packed its *Apple* into a *Purse* before riding a *Bike*. What are passkeys and how do they work?—————————————Passkeys [first started to emerge](https://theconversation.com/apples-passkeys-update-could-make-traditional-passwords-obsolete-188300) roughly four years ago. They use a mathematical process called public-key cryptography to create a unique set of information that is split into two parts—or keys.One key is public and can be shared with websites; the other is a [private key](https://techxplore.com/tags/private+key/) that is stored securely on your device. To sign into an account, the website sends a random challenge (such as a number) and your device uses the private key to ‘approve’ the login request. This approval is usually called ‘signing’ the request and applies a mathematical process to the challenge.Your device won’t just do this automatically; you will typically be required to approve the request. For many [mobile devices](https://techxplore.com/tags/mobile+devices/) this will require your face or fingerprint to be used to authorize the response to be sent.Finally, the website checks the signature via the public key it already has. If it confirms the challenge, you are in.Stronger by design——————Passkeys are stronger than passwords by design. It doesn’t matter if the public key is stolen, because it cannot be used on its own. Your private keys are safely protected by your device’s security, with most using face or finger-based biometrics to unlock (it is best to avoid relying on a PIN).Each passkey is also unique for every service you use; even if the key for a site could be stolen, it cannot be used elsewhere.Another plus is that passkeys are resistant to phishing. From a user perspective, there isn’t a password to send in response to a phishing email. A request to log in on a site has to come from the registered device combined with the approval of the user.Passkeys are also more convenient than passwords. You don’t have to look for the password you used when you registered—the passkeys are already linked to your device and are only a finger/face verification away.There are, however, some issues with passkeys. For one, while many browsers, operating systems and websites are embracing passkeys, this isn’t universal. And some early implementations suffered with compatibility between devices (such as between Microsoft and Apple devices).As users move to newer devices and manufacturers improve integration, these issues should disappear.A clear winner————–From a security point of view, passkeys are the clear winner. They offer stronger protection, can resist phishing and are easier to use. But until passkeys are everywhere, passwords will still play a supporting role.Implementing passkeys on a website requires effort from the company concerned. With a vast number of sites requiring users to create accounts, the process of migrating them all to passkeys is going to take decades. Many will never adopt the practice unless other factors force their hand.For now, it’s crucial that we continue to focus on password hygiene by using strong, unique passwords and enabling multi-factor authentication wherever possible. If you do nothing else after reading this article, at least change any re-used passwords. **More information:** Paul Haskell-Dowland et al, What’s the difference between passwords and passkeys? It’s not just the protection they provide, (2025). [DOI: 10.64628/aa.7mjgtmnk5](https://dx.doi.org/10.64628/aa.7mjgtmnk5) Provided by [The Conversation](https://techxplore.com/partners/the-conversation/) [](https://theconversation.com)This article is republished from [The Conversation](https://theconversation.com) under a Creative Commons license. Read the [original article](https://theconversation.com/whats-the-difference-between-passwords-and-passkeys-its-not-just-the-protection-they-provide-264869). **Citation**: What’s the difference between passwords and passkeys? It’s not just the protection they provide (2025, October 26) retrieved 26 October 2025 from https://techxplore.com/news/2025-10-difference-passwords-passkeys.html This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.#### [Three-layer microfluidic cooling device can remove heat from small electronics more efficiently](https://techxplore.com/news/2025-10-layer-microfluidic-cooling-device-small.html)8 hours ago 0#### [DeepMind introduces AI agent that learns to complete various tasks in a scalable world model](https://techxplore.com/news/2025-10-deepmind-ai-agent-tasks-scalable.html)Oct 25, 2025 0#### [Isotropic MOF coating reduces side reactions to boost stability of solid-state Na batteries](https://techxplore.com/news/2025-10-isotropic-mof-coating-side-reactions.html)Oct 24, 2025 1#### [AI teaches itself and outperforms human-designed algorithms](https://techxplore.com/news/2025-10-ai-outperforms-human-algorithms.html)Oct 23, 2025 0#### [Novel carbon nanotube-based transistors reach THz frequencies](https://techxplore.com/news/2025-10-carbon-nanotube-based-transistors-thz.html)Oct 23, 2025 0##### Three-layer microfluidic cooling device can remove heat from small electronics more efficiently8 hours ago##### DeepMind introduces AI agent that learns to complete various tasks in a scalable world modelOct 25, 2025##### Framework reveals a smarter and faster way to retire US coal plantsOct 24, 2025##### Double-layer electrode design powers next-gen silicon-based batteries for faster charging and longer range EVsOct 24, 2025##### Defect passivation strategy sets new performance benchmark for Sb₂S₃ solar cellsOct 24, 2025##### 3D-printed twisting material offers adaptable impact protection for vehiclesOct 24, 2025##### Isotropic MOF coating reduces side reactions to boost stability of solid-state Na batteriesOct 24, 2025##### A flexible lens controlled by light-activated artificial muscles promises to let soft machines seeOct 23, 2025##### AI-guided drones use 3D printing to build structures in hard-to-reach placesOct 23, 2025##### AI bots could match scientist-level design problem solvingOct 23, 2025##### What are passkeys? A cybersecurity researcher explains how you can use your phone to make passwords a thing of the pastApr 13, 2023##### Microsoft Authenticator is ending password autofill soon. How to set up a passkey before Aug. 1Jul 29, 2025##### Passwords under threat as tech giants seek tougher securityAug 13, 2025##### Hate passwords? You’re in luck—Google is sidelining themMay 4, 2023##### One Tech Tip: Replacing passwords with passkeys for an easier login experienceNov 14, 2024##### M-&S cyber-attack: How to protect yourself from sim-swap fraudMay 22, 2025##### Scientists create a novel hydrogel for unclonable security tagsOct 20, 2025##### Vulnerability in confidential cloud environments uncoveredOct 13, 2025##### AI-powered method helps protect global chip supply chains from cyber threatsOct 13, 2025##### Size doesn’t matter: Just a small number of malicious files can corrupt LLMs of any sizeOct 10, 2025##### The spy who came in from the Wi-Fi: Beware of radio network surveillanceOct 10, 2025##### AI tools can help hackers plant hidden flaws in computer chips, study findsOct 9, 2025

Related Tags:
Solar

NAICS: 54 – Professional

Scientific

Technical Services

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 51 – Information

Phishing

Associated Indicators: