Cybersecurity Mythbusters: Passwords vs Passkeys
Transcription
Jing
Ah, the passwords versus passkeys, a topic that has raised many eyebrows and many heart rates in the cybersecurity world. Let's shed some light on the matter.
Nelson
Hey everyone and welcome to "Cybersecurity Mythbusters". I'm Nelson Melo, Founding Engineer of Beyond Identity, and Jing Gu, cybersecurity expert, and product marketing lead.
Jing
Let's get ready to embark on an extraordinary quest as we unveil today's myth. Leo, a Mythbuster fan, says: "Dear Cybersecurity Mythbusters, I keep seeing folks saying my company should offer a passwordless login for my customers, but I find that that's just too big of a lift. Customers feel safe with passwords, and they know how to use them. Am I missing something? It's just too hard to move to passkeys at this time." Ah, the passwords versus passkeys, a topic that has raised many eyebrows and many heart rates in the cybersecurity world. Let's shed some light on the matter. Passkeys are gaining momentum for sure, but I can understand why some might find the transition a little daunting.
Nelson
There's a common misconception that passkeys are too complex for users to handle. Some people fear that using passkeys will be a hassle, requiring additional training or complex setup. Do we think that's true, though? Hmm, I'm not so sure. With the right approach and better, friendlier interfaces, we think passkeys can be intuitive and easy to adopt.
Jing
This is where Megan comes in. She'll shed light on how organizations can seamlessly transition from passwords to passkeys for their customers. Take it away, Megan.
Megan
Jing and Nelson, hi. I'm so thrilled to be here and debunk this myth about passkeys.
Nelson
Do you think it's too hard for users to switch from username and passwords to passkeys?
Megan
That's a good question, Nelson, but in a word, no, this is definitely a myth, but it's understandable why some might think this to be true. I mean, after all, haven't we been signing in with usernames and passwords, like, forever? And sometimes change can be intimidating, but in reality the process of moving to passkeys can be managed really efficiently. It just takes some proper planning, testing, and user support. It's really about making the transition as easy as possible for your organization and for your users.
Jing
So that sounds promising, but what can businesses actually do to ensure a smooth transition from passwords to passkeys?
Megan
That's a really good question, Jing. And, of course, there's so many things that a business can do to introduce passkeys in a successful way. So let me tell you about a couple of them that I think are super crucial. The first thing is understand your user base, right? Passkeys are a new concept. They haven't heard this word necessarily. They are used to signing in with the username and password. I think going into your rollout with that understanding is gonna be hugely beneficial.
So the other really important tactical tip I want to provide to you is that using prompts and information for passkeys across multiple areas of our user's experience will be really important. Having users try passkeys at account related moments in their journey such as account creation, recovery, or settings is really the most effective way to get them to enroll with passkeys. So these are times when a user is experiencing the pain of passwords so introduce them to passkeys which are much easier and much more simple. And by meeting users where they're at, organizations can gradually help their user base embrace passkeys.
Remember, it's not gonna be an overnight event where all of your users move over to passkeys. This is gonna take time, but these are some of the ways you can make it much more streamlined and efficient. If these tips are helpful, I would really encourage folks to head over to the Fido Alliance website and look at our UX guidelines. So we actually have an entire working group within the FIDO Alliance dedicated just to optimizing user flows to get them onboarded with passkeys, which is actually amazing, and they're all UX experts that are all working together to ensure consistency when we're deploying passkeys.
So there's a whole set of guidelines that has tips just like the ones that I've provided today. Ready for you to use, there's even Figma templates to help you get started. We'll be sure to link it in the video description, but I really highly suggest checking that out if you're really interested in optimizing your user experience with passkeys.
Nelson
Great advice, Megan, thanks for joining us.
Megan
Thanks Nelson and Jing. It's always great to see you, and of course I'm looking forward to seeing you at Authenticate, October 16th to 19th. And if any folks wanna learn more authenticatecon.com. If you wanna learn more about passkeys, deploying passkeys, optimizing user flows, and using so much more please join us there. Thank again for having me.
Nelson
With the right guidance moving from passwords to passkeys can be easy and this myth can easily be busted.
Jing
You're right Nelson, passkeys are the future of secure and convenient authentication. And it only takes a few easy steps to implement them.
Nelson
So there you have it Leo, thanks everyone for tuning in. See you when we see you.
Jing
And if you have any rumors, questions, or myth that you hear through the grapevine that you want us to test, please be sure to let us know.