Facebook’s new passkey support could let you ditch your password once and for all
How did your country report this? Share your view in the comments.
Diverging Reports Breakdown
Facebook’s new passkey support could let you ditch your password once and for all
Facebook announced Wednesday that it will soon support passkeys on mobile devices. A passkey lets you sign in to an account using a PIN, a biometric method such as facial or fingerprint recognition, or a physical security key. Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes. But no universal or consistent way yet exists to set them up or sync them across different devices, depending on the website or app that’s supporting them. The company failed to mention any passkey support for its desktop website, so you’ll still have to rely on your current Facebook password when you visit the site. It’s a small step for Facebook users eager to escape the burdens of the much-hated password, but at least this is one small step toward a password-free world for many of our social networks.
For all of us who hate passwords, passkeys represent a simpler and safer way of authenticating online accounts. But adoption has been slow, with many companies and websites still relying on passwords. Now the world’s biggest social media platform is jumping on the bandwagon.
On Wednesday, Facebook announced that it will soon support passkeys on mobile devices. This means you’ll be able to use one to sign in to Facebook on an iPhone or Android device. But the passkey won’t be limited to your actual Facebook account.
In the coming months, support will expand to Messenger, helping you better safeguard your encrypted messages and message backups. You’ll also be able to use the passkey to autofill and authenticate payment information if you purchase something through Meta Pay.
Also: Why the road from passwords to passkeys is long, bumpy, and worth it – probably
On the upside side, passkeys are a decided improvement over passwords for authenticating your account logins. Whereas passwords are difficult to manage and vulnerable to compromise, passkeys are much easier and safer.
Developed by the FIDO Alliance, a passkey lets you sign in to an account using a PIN, a biometric method such as facial or fingerprint recognition, or a physical security key. Because that passcode is tied to you, you’re able to use it to sign into the same account everywhere. Passkeys are automatically generated when you choose that option at a supported website. They can also eliminate or reduce the need for two-factor authentication codes.
A passkey consists of two separate cryptographic keys, known as a key pair. One key is public and registered with the app or website. The other key is private and stored only on your device. The key pair handles the authentication process between your device and the app or website. For that reason, the passkey is much more resistant to any type of hacking or other security threat.
“Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes because they are resistant to guessing or theft by malicious websites or scam links, making them effective against phishing and password spraying attacks,” Facebook said in its announcement. “By using passkeys, you’ll have increased protection against online threats while also simplifying your login experience.”
On the downside, passkeys are still in the nascent stage.
Beyond their limited support, no universal or consistent way yet exists to set them up or sync them across different devices. As such, the initial setup process can be difficult and frustrating, depending on the website or app. A passkey generated on a mobile device may not easily sync to your PC, or vice versa. These are challenges that the FIDO Alliance and its members still need to tackle.
Also: If we want a passwordless future, let’s get our passkey story straight
Facebook’s rollout of passkeys points to one hiccup. The company said it would soon allow passkeys on mobile devices. Fine, but what about PCs? Facebook failed to mention any passkey support for its desktop website. If that’s the case, it means you’ll still have to rely on your current Facebook password when you visit the site. That defeats part of the purpose of using passkeys, which should be a replacement for passwords, not an additional login method.
How to create a Facebook passkey
Facebook promises that creating your passkey will be easy. To do this, you’ll go to Settings in the Facebook app and head to Accounts Center. From there, choose the option to create a passkey and then follow the steps. Once the feature is available, you may also be prompted to set up a passkey when you sign in to Facebook.
With support coming to mobile devices, hopefully the option will extend to Facebook’s website sometime in the near future. For now, at least this is one small step for Facebook users eager to escape the burdens of the much-hated password.
Get the morning’s top stories in your inbox each day with our Tech Today newsletter.
Facebook will soon roll out support for passkeys on Android and iOS
Facebook is rolling out support for passkeys on both iOS and Android. Passkeys will also start rolling out to Messenger in the coming months. Unlike standard logins, passkeys use Face ID or Touch ID, a PIN, or a physical security authentication key to validate logins. Facebook is one of many tech companies to introduce passkey support in the past year.
Passkey logins make it harder for bad actors to remotely access your accounts because they require physical access to your phone. Unlike standard logins, passkeys use Face ID or Touch ID, a PIN, or a physical security authentication key to validate logins.
Passkeys remove the need to rely on username and password combinations, which can be susceptible to phishing and other issues.
Image Credits:Facebook
Facebook says that passkeys will also start rolling out to Messenger in the coming months, and that users will be able to use the same passkey for both services.
Passkeys can also be used to autofill payment information when making purchases using Meta Pay, Facebook says.
To set up a passkey, you’ll navigate to the new “passkey” option in Accounts Center within the Settings menu on Facebook. Once it’s set up, you can start using your passkey to log in to Facebook on your phone. You’ll still be able to use other authentication methods, such as your password, to access your account so that you can still access the social network when using a device that doesn’t support passkeys.
Facebook is one of many tech companies to introduce passkey support in the past year or so. Other big names that have done so include Apple, Microsoft, Amazon, Google, PayPal, TikTok, WhatsApp, X, and GitHub.
Facebook Now Supports Passkeys, and You Should Probably Use Them
Facebook now supports passkeys. Passkeys combine the convenience of a password with the security of 2FA. Unlike passwords, you don’t choose a series of words, characters, or numbers to enter each time you want to log into your account. When you need to authenticate yourself, you do so on your device, through a face scan, fingerprint scan, or PIN. You’ll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats. The feature is expected to roll out to iOS and Android devices “soon,” while Messenger will get the feature “in the coming months,” according to Meta, the company behind the passkey. The company is also a member of the FIDO Alliance, the organization that developed passkeys, and says you can use them to autofill your payment info when buying things with Meta Pay. It still exists, as Meta said, creating a passkey won’t delete your Facebook account.
If you’ve had a Facebook for long enough, you probably know people who have had their accounts “hacked.” Maybe this happened to your own account—one minute, you’re minding your own business, the next, your friends and family send you texts asking, “Why did you send me this?” and “Were you hacked?”
See, your Facebook wasn’t “hacked,” so much as it was “accessed.” Someone figured out your password, either by guessing it, tricking you into sending it, or through a data breach, and logged in on your behalf. If you had two-factor authentication (2FA) set up, the chances of this happening would have been much lower, but not impossible. That’s where passkeys come in.
Facebook and passkeys
Good news: Facebook now supports passkeys. Meta announced the news in a blog post on Wednesday, saying the authentication method will roll out to iOS and Android devices “soon,” while Messenger will get the feature “in the coming months.” For what it’s worth, I see the option to create passkeys now on the iOS Facebook app.
Meta seems pretty excited about the news—and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you’ll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You’ll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.
Typically, Meta is near the bottom of my list when it comes to companies that care about user privacy and security. But passkey adoption is a good thing for Facebook accounts everywhere. In fact, when you have the chance, you should probably set one up.
Why use a passkey
Passkeys combine the convenience of a password with the security of 2FA. Unlike passwords, you don’t choose a series of words, characters, or numbers to enter each time you want to log into your account. Instead, you set up a passkey with your device itself, like your smartphone. When you need to authenticate yourself, you do so on your device, through a face scan, fingerprint scan, or PIN. Your device then confirms your identity with the account holder in question, which then lets you into your account.
Since there’s no password or phrase, passkeys are effectively phishing-proof: Hackers can’t trick you into sharing your password with them, since there’s nothing to share, and you won’t need to worry about Meta losing your passkeys in a data breach. 2FA can also prevent bad actors from breaking into your account if they know your password, but even 2FA is susceptible to phishing. Since most 2FA uses a numeric code, hackers may convince you to send the code to them. Without the device tied to the passkey, however, hackers are out of luck.
Once properly set up, logging into your accounts is as easy as a face scan or a quick PIN entry on your phone—simple, yet secure.
What do you think so far?
Meta (specifically Facebook in this case) is far from the only platform to offer passkeys. Companies including Apple, Google, Microsoft, and even X have been adopting the security measure over the past couple years. In fact, Microsoft now makes passkeys the default authentication option when setting up a new account.
How to set up a passkey for Facebook
Once support for passkeys rolls out to your Facebook app, you’ll find your settings in Account Center. You can pull this up in the Menu tab, by tapping the down arrow next to your name and choosing “Go to Accounts Center.”
In Account Center, choose “Password and security,” then tap “Passkey.” From here, tap “Create passkey.” Tap “Create passkey” on the pop-up, then enter your current Facebook password. Your device will invite you to confirm passkey creation (on iPhone, for example, you can use Face ID to finish setting up the passkey).
All that said, creating a passkey won’t delete your Facebook password. It still exists, as Meta relies on it for signing into Facebook on other devices. (Some companies have alternative methods to ensure that you can sign in without needing the original device that created the passkey.) As such, make sure that your Facebook password is strong and unique (do not use the same password for Facebook as any of your other accounts), and set up 2FA for the times you ever do use a password. (Avoid SMS-based 2FA if you can.)