passkeys vs passwords

Google announced they are making passkeys available for authentication to all of their users. What exactly is a passkey and how does it work? How is it safer?

6 Answers

Anonymous 0 Comments

A password you already know – it is a special word that you use to authenticate yourself. They are notoriously insecure because, by definition, all you need to access the account is the secret word – anyone who learns it can access your account.

A passkey is when a specific device is authorized to your account, and only that authorized device can grant access. So when you try to log in, the website pings your device and asks “Is this login genuine” – at which point you have to confirm on the device “Yes, it is me”. There is cryptography involved to ensure that the device replying is _actually_ the authorized device, but for our purposes we can simply say that **only** the authorized device can approve the request.

It is safer because you can’t just learn a simple word to gain access – you have to have access to the physical device to authorize. Since those devices _themselves_ are locked with passwords (or biometrics) you’ve created a system that has two layers of security – something you have (the device) and something you know (password) or something you are (biometrics). Any additional layer of security you add will inherently make the process more secure.
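The "cryptography involved" that the answer above mentions, sketched as an added example that is not part of the original answer. It is a simplified model of the challenge-response idea, not real WebAuthn; the function names and origins are hypothetical, and it goes slightly beyond the answer by also showing why a replayed response or one produced for a look-alike site is rejected.

```javascript
// Added illustration: simplified passkey-style challenge-response (not real WebAuthn).
const nodeCrypto = require("node:crypto");

// Device side: one key pair per site; the private key never leaves the device.
function createPasskey(origin) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  return { origin, publicKey, privateKey };
}

// Device side: once the user unlocks the device, sign the site's challenge
// together with the origin the browser is actually connected to.
function deviceApprove(passkey, challenge, seenOrigin) {
  const message = Buffer.from(JSON.stringify({ challenge, origin: seenOrigin }));
  return { message, signature: nodeCrypto.sign("sha256", message, passkey.privateKey) };
}

// Site side: it stores only the public key, which cannot be used to log in.
function siteVerify(storedPublicKey, expectedChallenge, expectedOrigin, response) {
  const ok = nodeCrypto.verify("sha256", response.message, storedPublicKey, response.signature);
  if (!ok) return false; // not signed by the registered device
  const signed = JSON.parse(response.message.toString());
  return signed.challenge === expectedChallenge && signed.origin === expectedOrigin;
}

// Site side: a fresh random challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString("hex");
}

function demo() {
  const site = "https://example.com";       // constructed sample origin
  const lookalike = "https://examp1e.com";  // constructed look-alike origin
  const phone = createPasskey(site);
  const registered = phone.publicKey;       // what the site keeps on file
  const c1 = newChallenge();
  const good = deviceApprove(phone, c1, site);
  const c2 = newChallenge();
  return {
    genuine: siteVerify(registered, c1, site, good),
    replayed: siteVerify(registered, c2, site, good), // old response, new challenge
    phished: siteVerify(registered, c1, site, deviceApprove(phone, c1, lookalike)),
    otherDevice: siteVerify(registered, c1, site, deviceApprove(createPasskey(site), c1, site)),
  };
}

console.log(demo());
```

Only the `genuine` case is accepted; the other three fail even though no secret was ever typed or sent to the site.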

Anonymous 0 Comments

A password is a string of characters. If that string of characters is shared with someone else, they can now use it.

A passkey is a physical device that cannot be easily copied.

Anonymous 0 Comments

Simplest ELI5 analogy here… you want to go into a door. A password is knocking on the door and a little window opens with a person asking “what’s the password?” like in the movies, and you respond. Anyone with the password could respond and get in. In theory, only those that should be allowed in should know the password, but anyone that knows the password could tell others, or someone walking by could hear someone say it, or any other various means of someone who shouldn’t know the password could learn it. A passkey is like having a door that requires badge access to get through. And you could make the badge even more secure by adding a biometric scan to it as well (fingerprint scan for example). That way only people who should be allowed through the door are.
