It started with my bank account. I was sitting at my kitchen table, coffee going cold, staring at the login screen. I typed what I thought was my password. Wrong. I tried the variation with the exclamation mark at the end. Wrong again. Then the one with the capital letter in a different place. Still wrong.
My palms started to sweat. One more failed attempt and I'd be locked out.
I decided to reset it, but that meant logging into my email. Except I couldn't remember that password either. Was it the one with my dog's name? Or had I changed it last month when that security alert popped up? I grabbed my phone, frantically searching through my notes app, hoping I'd written it down somewhere. Nothing.
In that moment, I felt a familiar wave of panic that millions of people experience every single day. We're drowning in passwords, and the system is broken.
But what if I told you this nightmare scenario is about to become impossible? What if forgetting your password simply stopped mattering?
Why We're Drowning in Passwords
Here's a sobering fact: the average person now has over 100 online accounts. One hundred. Think about that for a moment. Your bank, your email, your shopping sites, your streaming services, your doctor's portal, your utility companies, your social media, your work accounts, and on and on.
And each one demands a password that's supposedly "secure." They want at least eight characters, no wait, twelve. You need an uppercase letter, a lowercase letter, a number, and a special symbol. But not just any special symbol! Some sites don't allow certain ones. Oh, and you can't use any password you've used before. And you definitely can't use common words or patterns.
So what do we do? We make terrible choices because we have no other option. We use "Password123!" with slight variations. We write passwords on sticky notes attached to our monitors. We use the same password for everything and just hope nothing bad happens. We add numbers to the end of words, thinking "Sunshine2024!" is somehow secure.
And when security experts tell us we're doing it wrong, we feel guilty. But here's the truth: this isn't your fault. The human brain simply wasn't designed to remember 100 different complex random strings of characters. We evolved to remember faces, stories, and experiences, not "K9#mP2$qR7@nL4."
The password system is broken by design, and we're the ones paying the price for it.
Meet the Solution You're Already Using
Here's something you probably do dozens of times a day without thinking about it: you unlock your phone. Maybe you glance at it and Face ID recognises you. Maybe you press your thumb on the sensor. It happens in a fraction of a second, and you're in.
That simple, effortless experience? That's the future of logging into everything.
It's called a passkey, and whilst the name might sound technical, the concept is beautifully simple: your device recognises you, then vouches for you to websites and apps. That's it. No password to type, no password to remember, no password to forget.
Let me paint you a picture of how this works in real life. Imagine you want to log into your favourite shopping website on your laptop. Instead of typing a password, you simply tap "Sign in with passkey." If your laptop has a fingerprint reader or a camera with Windows Hello (or Face ID on a Mac), you just use that—exactly as you do when unlocking your device. If your laptop doesn't have biometric hardware, you can use a simple PIN you've set up, or even better, your phone pops up with a notification asking you to confirm it's really you. You glance at your phone or touch its fingerprint sensor, and just like that, you're logged in on your laptop.
Nothing to remember. Nothing to type. Nothing to write down on a sticky note.
The technology works invisibly in the background. Behind the scenes, your device creates a unique cryptographic key pair—a private key that stays securely locked on your device (never sent anywhere), and a public key that the website stores. When you log in, your device uses the private key to create a digital signature that proves you own the key, without ever revealing the key itself. The website verifies this signature using the public key it has on file. It's the same proven cryptography that's been securing online banking and encrypted communications for decades.
But here's what makes this magical: there is no password. Not one you've forgotten, not one a hacker can steal, not one you have to change every 90 days. The entire concept of passwords simply disappears.
But Is It Safe?
I know what you're thinking. "Wait a minute. If someone steals my phone, can't they access everything? What if they lift my fingerprint off a glass? What about hackers?"
These are smart questions, and they deserve real answers.
First, the crucial thing to understand: your fingerprint or face scan never leaves your device. When you unlock your phone with your fingerprint, that information stays locked inside your phone's secure hardware. The website you're logging into never sees it, never stores it, never has access to it. Your device just sends a cryptographically signed message saying, "I've verified this person's identity," without sharing how it did so or any biometric data.
Think about it this way: which is safer? A password written on a sticky note under your keyboard that anyone can read, or your actual face? A password saved in your browser that malware can steal, or your fingerprint that's physically part of you?
Let's talk about hackers. Right now, when criminals want to break into accounts, they have several easy options. They can trick you into typing your password on a fake website (called phishing). They can break into a company's database and steal millions of passwords at once. They can simply guess common passwords, because so many people use "123456" or "password."
With passkeys, all of those attacks become impossible. There's nothing to phish because you never type anything. There's no database of passwords to steal because passwords don't exist any more. There's nothing to guess because there's nothing there. Even if a hacker steals the public key from a website's database, it's mathematically useless without the private key—which never leaves your device and cannot be extracted from the public key.
For hackers, it's like arriving at a bank vault only to discover the vault has vanished entirely.
And what about practical concerns? What if you injure your finger and can't use the fingerprint sensor? What if you're wearing a mask and Face ID doesn't work? The system has backups. Most devices let you use a PIN as a backup, and many sites will let you set up passkeys on multiple devices, so if you lose your phone, you can still get in using your laptop or tablet.
The bottom line: passkeys aren't just more convenient than passwords. They're dramatically more secure.
The Transition Is Happening Now
This isn't some far-off future fantasy. The shift is happening right now, and you've probably already seen signs of it.
Apple, Google, and Microsoft have all gone all-in on passkeys. Major retailers like Target and Best Buy support them. Financial institutions are rolling them out. PayPal, Amazon, and eBay are on board. Even government websites are beginning to adopt the technology.
Over the next few months, you'll start noticing more options that say "Sign in with Face ID," "Sign in with Touch ID," "Sign in with Windows Hello," or "Use a passkey." At first, these will appear alongside traditional password options. The technology is polite—it's not forcing anyone to change immediately.
But make no mistake: this is the direction everything is moving. Within the next two to three years, passkeys will become the standard way people log into websites and apps. Passwords won't disappear overnight, but they'll increasingly feel like using a flip phone in a smartphone world—technically possible, but why would you?
Major tech companies are investing billions in this transition because they've realised what users have known for years: the password system is unsustainable. We've reached the breaking point, and the only way forward is to leave passwords behind entirely.
You don't need to do anything drastic right now. But the next time you see an option to set up a passkey, I'd encourage you to give it a try. Start with just one site, perhaps one you visit frequently. See how it feels to log in with just your fingerprint, face, or a simple PIN on your laptop.
You might be surprised by how natural it feels. After all, you're already doing it every time you unlock your devices.
Back to That Forgotten Password
Remember my kitchen table panic? The cold coffee and the locked bank account? The frantic searching through notes and the rising anxiety? In the very near future, that scenario will no longer exist.
There will be no more password reset emails. No more security questions asking for your mother's maiden name or your first pet's name. No more typing passwords incorrectly because you can't tell if that's a zero or the letter O. No more "your password has expired, please create a new one" messages.
Instead, you'll simply look at your device or touch it, the same way you've been doing for years to unlock it, and everything will just work.
The relief of never having to type, remember, or reset a password again is something you'll only fully appreciate once you experience it. It's like the feeling you had the first time you used contactless payment instead of swiping a credit card, or the first time you unlocked your phone with your face instead of typing a PIN. Suddenly the old way seems absurdly complicated.
So the next time you're prompted to set up a passkey, take a moment to try it. You're not just making your life easier. You're participating in one of the biggest improvements in digital security and convenience in decades.
And the next time you forget a password? You'll smile, set up a passkey for that site instead, and never have to remember that password again.
The future where forgotten passwords don't matter is already here. Welcome to it.
How Passkeys Work on Your Desktop or Laptop
"But what about my computer?" you might be wondering. "My desktop doesn't have a fingerprint reader or a camera for face recognition."
Great news: passkeys work brilliantly on desktop and laptop computers too, and you have several options depending on your setup.
If your laptop has biometric hardware: Many modern laptops come with fingerprint readers or cameras that support Windows Hello (on Windows) or Touch ID and Face ID (on Macs). If yours does, using passkeys is identical to using them on your phone—just a quick touch or glance and you're in.
If your computer doesn't have biometrics: This is where it gets clever. You have three main options:
- Use your phone as your authenticator: When you try to log in on your computer, a notification appears on your phone asking you to confirm it's really you. You unlock your phone with your fingerprint or face, and your computer logs you in. Your phone and computer communicate via Bluetooth or by scanning a QR code to ensure they're physically near each other—this proximity check prevents someone far away from trying to use your credentials.
- Use a simple PIN: Most systems let you set up a device PIN that's much simpler than a password (like a 4-6 digit number). This PIN only works on your specific device and can't be used by hackers because it's paired with the cryptographic keys stored securely in your computer's hardware.
- Add biometric hardware: If you'd like the convenience of biometrics on a desktop computer, you can purchase an external fingerprint reader or a webcam that supports Windows Hello for between £30-60. These plug in via USB and give you the same seamless experience as modern laptops and phones.
What about syncing between devices? If you set up a passkey on your phone, you might wonder if you need to set it up separately on your laptop. The answer depends on your ecosystem:
- Apple users: Passkeys sync automatically across your iPhone, iPad, and Mac through iCloud Keychain
- Google users: Passkeys sync across Android devices and any computer where you're signed into Chrome with your Google account
- Microsoft users: Windows 11 can sync passkeys across your Windows devices when signed in with the same Microsoft account
- Password managers: Services like Dashlane, 1Password, and Bitwarden can store and sync passkeys across any device or platform
The beauty of this system is its flexibility. Whether you're on a phone, tablet, desktop PC, or laptop, passkeys adapt to work with whatever authentication method your device supports.
Quick Guide: Setting Up Your First Passkey
Ready to try it? Here's how:
- Visit a website that supports passkeys (try Google, PayPal, or Best Buy)
- Go to your account security settings
- Look for options like "Passkeys," "Sign in with Face ID," "Sign in with Windows Hello," or "Passwordless sign-in"
- Follow the prompts—usually just a few taps
- Confirm with your fingerprint, face, or PIN
- That's it! Next time you visit, just use your biometric or PIN instead of typing a password
It typically takes less than 60 seconds to set up.
What Happens If I Lose My Phone?
This is the number one question people ask, and it's a good one.
The short answer: you can still access your accounts using your other devices (laptop, tablet, or a new phone once you get one).
Most services let you register multiple passkeys across different devices. So if you set up passkeys on both your phone and your laptop, losing your phone doesn't lock you out.
Additionally, most services still offer backup authentication methods during the transition period. You can usually verify your identity through email, text message, or a backup code.
And when you get a new phone, you can set up new passkeys for your accounts using one of those backup methods. Many phone manufacturers now also allow you to transfer passkeys when you switch devices, just like your other data.
If you're using a password manager like Dashlane, 1Password, or Bitwarden to store your passkeys, they'll sync to your new device automatically when you sign in—making recovery even simpler.
Jargon Buster: 3 Terms You Might Hear
Passkey: A secure way to log in using your fingerprint, face, or device PIN instead of a password. The term comes from "password" + "key," but don't let that confuse you—there's nothing you need to remember or type. Technically, it's a cryptographic key pair where the private key stays securely on your device and the public key is stored by the website.
Biometric: Just a fancy word for using parts of your body (like your fingerprint or face) to identify yourself. You're already using biometrics if you unlock your phone with your face or finger.
Two-Factor Authentication (2FA): When a site asks for two forms of identification, like a password plus a code sent to your phone. Passkeys actually replace the need for this—they're so secure that one factor (your biometric or PIN) is enough, because it's combined with cryptographic proof that you own the device.