Experts say we should use passkeys, but can a smartphone PIN really be safer than a password?

The long-running series in which readers answer other readers’ questions explores a topical issue of personal cybersecurity.
  
  

A question of safe authentication … Photograph: posed by model, Gemth/Getty Images

I’ve been struggling to get my head around the idea that a passkey, which can be a PIN on your phone, or facial recognition, can be safer than using a complicated password and two-factor authentication.

I get that having something unique to your device, not stored on a company’s server, is unphishable, and less hackable by cybercrims, but what if your phone is nicked and someone guesses the password? And what if you lose your phone?

Sorry if that sounds simplistic, but I am genuinely stumped to understand why the UK’s National Cyber Security Centre and others who know about these things are so sold on passkeys. Can anyone who’s used them enlighten me? Martin Avis, Chester

Post your answers (and new questions) below or send them to nq@theguardian.com. A selection will be published next Sunday.


 
