What Is a Passkey? And Why You Should Use One

Remembering dozens of passwords. Changing them every 90 days. Getting locked out of your account again because of a forgotten character. If that sounds all too familiar, you’re not alone.

For years, businesses have relied on passwords as the first line of defence for their systems and data, but that defence has proven increasingly unreliable. With cybercriminals becoming more sophisticated and employees more frustrated with complicated logins, it’s time to rethink authentication.

Enter: the passkey!

At Carden IT Services, we help businesses implement smarter, more secure technology. In this article, we’ll explain what a passkey is, how it works, and why it’s time to consider saying goodbye to passwords for good.

What Is a Passkey?

A passkey is a modern authentication method that allows you to log into apps and websites without ever typing a password. Instead of relying on something you know (a password), passkeys use something you have (your device) and something you are (biometrics like Face ID or fingerprint).

Here’s how it works:

  • When you create a passkey, your device generates a pair of cryptographic keys, one private and one public.
  • The private key stays on your device and is secured by your fingerprint, face scan, or a local PIN.
  • The public key is shared with the service you’re logging into (like your email or CRM platform).
  • When you log in, the service challenges your device to prove it has the private key. No passwords are exchanged.

It’s built on industry standards like FIDO2 and WebAuthn, supported by big tech players like Apple, Google, and Microsoft.

Why Passkeys Are a Game Changer

1. They Can’t Be Phished

Passwords can be tricked out of users. We’ve seen this happen countless times. One of our legal clients in Surrey had a member of staff fall victim to a convincing phishing email. They entered their Microsoft 365 login on a fake site, which led to a full compromise of their email and OneDrive accounts. Even with complex password policies in place, the breach occurred in seconds.

With passkeys, this type of attack is rendered useless. Since there’s no password to enter, and no way to use a passkey on a fraudulent site, phishing is effectively blocked at the source.
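The key-pair and challenge steps listed under "Here's how it works", and the reason a look-alike site gets nothing it can use, as an added Node.js sketch (not code from Carden IT Services or any passkey vendor). It simplifies WebAuthn: the class names, the JSON message and the example.com / .test domains are assumptions, and the real protocol signs a binary structure rather than this JSON.

```javascript
const crypto = require('node:crypto');

// Device side: one key pair per site, looked up by the site's domain.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);   // the private key never leaves the device
    return publicKey;                  // only the public key goes to the service
  }
  // `origin` is supplied by the browser, not typed by the user or chosen by the page.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;   // simplification: exact host match
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null;            // no passkey exists for this domain
    const clientData = JSON.stringify({ origin, challenge: challenge.toString('base64url') });
    return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
  }
}

// Service side: stores the public key and checks each signed challenge once.
class Service {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = null; }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() { this.pending = crypto.randomBytes(32); return this.pending; }
  verify(response) {
    if (!response || !this.pending) return false;
    const expected = this.pending.toString('base64url');
    this.pending = null;               // a challenge is single-use
    const data = JSON.parse(response.clientData);
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify('sha256', Buffer.from(response.clientData), this.publicKey, response.signature);
  }
}

// Constructed scenario: genuine login, replayed response, look-alike domain.
function demo() {
  const origin = 'https://login.example.com';
  const device = new Authenticator();
  const site = new Service(origin);
  site.enroll(device.register('login.example.com'));
  const response = device.sign(origin, site.newChallenge());
  const genuine = site.verify(response);
  site.newChallenge();
  const replayed = site.verify(response);   // old signature, new challenge
  const phished = site.verify(device.sign('https://login.example-com.test', site.newChallenge()));
  return { genuine, replayed, phished };
}
console.log(demo());
```

The look-alike domain fails before any signature is produced, because the device holds no key for it, and a captured response cannot be replayed because each challenge is accepted once.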

2. They’re Tied to Devices You Trust

Passkeys live on your devices: smartphones, laptops, tablets. You can only use them if you can unlock that device. That means attackers can’t reuse credentials, even if they clone a hard drive or steal a backup.

We recently supported a Brighton-based marketing agency that had ongoing issues with unauthorised access. Staff often worked remotely on public Wi-Fi, and one laptop was stolen while commuting. Previously, passwords were reused across multiple platforms, which led to several breaches. After we helped implement passkey-based authentication using Windows Hello and biometric logins, their security posture improved dramatically, and they haven’t had a single unauthorised access attempt since.

3. No More Forgotten Passwords

Every IT team dreads Monday mornings. That’s when password reset tickets flood in. “I forgot my login,” “The system locked me out,” or “It says my password expired.” Sound familiar?

Passkeys eliminate that issue. With no passwords to remember, there’s nothing to reset. One of our finance-sector clients reduced their weekly IT support calls by 40% after switching to passkey logins. Staff were happier, logins were quicker, and productivity improved.

How Are Passkeys Different From Passwords?

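| Feature                | Passwords | Passkeys           |
|------------------------|-----------|--------------------|
| Remembered by user     | Yes       | No                 |
| Can be phished         | Yes       | No                 |
| Reused across sites    | Often     | No                 |
| Stored centrally       | Usually   | No (device-local)  |
| Relies on complexity   | Yes       | No (cryptographic) |
| Needs regular updating | Often     | No                 |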

Where Can I Use Passkeys?

Passkeys are already being adopted across the digital landscape:

  • Google Accounts (Gmail, Workspace)
  • Microsoft 365
  • Apple ID
  • Dropbox
  • Amazon Web Services (AWS)
  • Banking apps, password managers, even LinkedIn

Most modern operating systems (Windows, macOS, iOS, Android) support passkeys. You can log in using Face ID, Windows Hello, fingerprint scanners, or even a hardware security key like a YubiKey.

Carden IT Services is helping businesses transition their Microsoft Entra ID (formerly Azure AD) to use passwordless sign-in, reducing reliance on risky password-based logins.

What Happens If a Device Is Lost or Stolen?

This is a common question. Fortunately, passkeys are built with recovery in mind.

  • Apple and Google sync your passkeys securely across devices using iCloud Keychain and Google Password Manager.
  • Devices must still be unlocked by the user to use a passkey, so even if someone steals your phone, they can’t use your face or fingerprint.
  • For businesses, passkeys can be centrally managed with MDM solutions like Microsoft Intune or Jamf.

In short, losing a device doesn’t mean losing your login, and certainly not your security.

Why Should Your Business Switch?

Cyber threats are on the rise, and passwords are the weakest link. Here’s how passkeys can improve your cybersecurity and operations:

  • ✔ Fewer Support Tickets: IT teams waste hours every week resetting passwords. Passkeys take that off their plate, freeing them to focus on more valuable work.
  • ✔ Better User Experience: No more remembering complex strings or waiting for one-time codes. Logging in becomes as simple as a quick fingerprint scan.
  • ✔ Enhanced Security: No reused passwords, no phishing, no brute-force attacks. Just a secure, seamless experience.
  • ✔ Easier Compliance: Many compliance frameworks now expect or recommend passwordless authentication. Implementing passkeys helps you stay ahead of audits and security assessments.

How Carden IT Services Can Help You Make the Switch

At Carden IT Services, we help businesses of all sizes move away from outdated, insecure login practices. Whether you’re a 10-person consultancy or a 200-user organisation, we’ll:

  • Assess your current login methods and vulnerabilities.
  • Integrate passkey-compatible systems, including Microsoft Entra ID and business apps.
  • Train your team on using secure login methods like Windows Hello, Face ID, or hardware tokens.
  • Provide ongoing support and device management, so you stay protected.

Use A Better Way to Log In

Passwords had their time, but that time is coming to an end.

Passkeys offer a safer, easier, and smarter way to protect your accounts. By removing the human element from authentication, they help reduce cyber risk while improving the user experience. Whether you’re managing a remote team or protecting sensitive data, passkeys can be a powerful step forward.

Let Carden IT Services help you modernise your security, because your business deserves better than outdated login systems.

Ready to Ditch Passwords?

Get in touch with Carden IT Services today for a security audit and expert guidance on implementing passkeys in your organisation.
Let’s make your business easier, and safer, to log into.