© 2026 KNAU Arizona Public Radio
Arizona Public Radio | Your Source for NPR News
Donate
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Service to KNAG 90.3 Grand Canyon is restored. Thank you for your patience and support.

Arizona Public Radio continues to integrate new audio software while addressing remaining glitches. We appreciate your patience and support and will update when all issues are fully resolved.

Are 'passkeys' better than passwords? This security expert says yes

By Linah Mohammad,
Juana SummersChristopher Intagliata
Published January 21, 2026 at 3:23 PM MST

JUANA SUMMERS, HOST:

For months now, my phone has been nudging me to create passkeys. And every time it happens, I sort of pause because I don't actually know what a passkey is or whether it's something I actually need. I actually keep almost all of my passwords written down in the back of a secret notebook, which I realize is very 20th century of me. But, hey, it works and I can log into everything. But we have called up Kim Key to see what she thinks about my strategy. She is a senior security writer for PCMag. Hi there.

KIM KEY: Hi there.

SUMMERS: All right, Kim, level with me here. Do I need to get rid of my notebook full of passwords?

KEY: Well, no. Don't get rid of it. But I say, instead, you could replace it with something that is, one, easier to use, like a password manager, or two, something that just gets rid of a password entirely, which is a passkey.

SUMMERS: OK, you've got to explain what a passkey is to me, just at a very basic level.

KEY: (Laughter) OK. So a passkey is basically a way for you to log in without needing a username, a password or even two-factor authentication. It's just a new way to log in. So basically, what you're doing is you're taking your phone, which you already have some form of verification on...

SUMMERS: True.

KEY: ...Whether that's, you know, a passcode or your face or your fingerprint. And you're using that to verify your identity to this website. Your phone's doing all the work for you, basically. You don't have to do anything. You don't have to enter in anything. So that's my sort of thing that I think that you should probably start transitioning towards.

SUMMERS: And then just to spell this out plainly, a passkey is different from a password how, exactly?

KEY: A passkey is different in that it's just a completely different form of everything. It's a key that is shared between a website and your device. Whereas a password is something that you yourself have come up with or something that is generated by, you know, a password manager or something else that you then enter into an open field, you know, on a website in order to log in. Both of them facilitate logging in. But passkeys are a way to log in, whereas a password is a component of a login...

SUMMERS: Got it.

KEY: ...If that makes sense.

SUMMERS: That does make sense. OK. Another question I've got. Are passkeys harder to steal than passwords?

KEY: Yes. By and large. I mean, well, I want to - I said that too quickly because, for now, yes, they are harder to steal because you have encryption. You're not going to find a passkey on the dark web, whereas you might find one of the passwords that is currently in your notebook on the dark web because a company, you know, may have lost it when they got breached way back when, and you don't know about it.

SUMMERS: I mean, it may be intimidating thinking about overhauling all of your online logins if you've been used to doing things in a certain way. Are there certain types of accounts that you would recommend people updating to passkeys first?

KEY: I would say any place where you can make a passkey, go ahead and do it, particularly your banking sites. I know that Apple will ask you to create a passkey every five minutes, you know, Gmail, that sort of thing. Go ahead and protect your - the things that you get to every single day with a passkey. And then, you know, things that you don't sign into as often, you know, put those to the side. And also, by the way, if you just use a password manager, it will just make all of these passwords for you and fill them in for you. So it's not like you're having to completely overhaul your life. It's not like a big process. It's just, you know, take a few minutes and let the password manager do its work.

SUMMERS: Kim, maybe I will get rid of my notebook. Maybe I will not.

KEY: (Laughter).

SUMMERS: Only time will tell (laughter).

KEY: Do whatever you need to do. It's better than using the same password everywhere.

SUMMERS: Kim, thank you so much.

KEY: (Laughter) Thank you.

SUMMERS: Kim Key is a senior security writer for PCMag.

(SOUNDBITE OF LOLA YOUNG SONG, "CONCEITED") Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
Linah Mohammad
Prior to joining NPR in 2022, Mohammad was a producer on The Washington Post's daily flagship podcast Post Reports, where her work was recognized by multiple awards. She was honored with a Peabody award for her work on an episode on the life of George Floyd.
Juana Summers
Juana Summers is a political correspondent for NPR covering race, justice and politics. She has covered politics since 2010 for publications including Politico, CNN and The Associated Press. She got her start in public radio at KBIA in Columbia, Mo., and also previously covered Congress for NPR.
See stories by Juana Summers
Christopher Intagliata
Christopher Intagliata is an editor at All Things Considered, where he writes news and edits interviews with politicians, musicians, restaurant owners, scientists and many of the other voices heard on the air.
See stories by Christopher Intagliata