Syncable vs. non-syncable passkeys: Are roaming authenticators the best of both worlds?

Like it or not, a replacement for passwords -- known as passkeys -- is coming your way, if it hasn't already. The three big ideas behind passkeys are that they cannot be guessed in the way passwords often can (and are), the same passkey cannot be re-used across different websites and apps (the way passwords can), and you cannot be tricked into divulging your passkeys to malicious actors, often through techniques such as phishing, smishing, quishing, and malvertising.

However, as noted in ZDNET's 10 Passkey Survival tips, surviving the transition from passwords to passkeys will involve some advanced planning and even some advanced thinking. For example, for each passkey that you register with a website or app (see 'How Passkeys work: Let's start the passkey registration process'), you will have to decide whether you want that passkey to be a syncable or a non-syncable (a.k.a. 'device-bound') passkey.

So, what's the difference between these passkeys, and why does it matter?

What is a syncable passkey, and why would you want one?

One of the things that makes passkeys more secure than passwords is that they're so automagical that you, the end user, don't even know what your passkeys are, or where exactly on your device they're stored.

Like passwords, passkeys involve a secret. However, the secret is automatically generated and stored in a secure location, and the end user never comes into direct contact with the passkey in the way they do with passwords.

When the time comes to log in to a website or app (the operators of which are referred to as "relying parties"), the software on your device knows where to find that secret and how to use it to complete the login process without actually sharing the secret with the relying party (see What really happens during your passwordless passkey login).
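
The login flow described above, as an added example that is not from the article or from any passkey vendor: the device signs a challenge issued by the site with a per-site private key, and the relying party checks the result against the public key it stored at registration. The class names, the sample origins and the JSON message layout are assumptions made for illustration; real WebAuthn messages carry more fields.

```javascript
const nodeCrypto = require('node:crypto');

// Device side: one key pair per site; the private key (the "secret") stays here.
class Authenticator {
  constructor() { this.keys = new Map(); } // hostname -> private key
  register(host) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(host, privateKey);
    return publicKey; // the only thing the relying party ever receives
  }
  // `origin` is what the browser reports, not something the page or user types.
  sign(origin, challenge) {
    const privateKey = this.keys.get(new URL(origin).hostname);
    if (!privateKey) return null; // no passkey for this site, nothing to hand over
    const clientData = JSON.stringify({ origin, challenge: challenge.toString('hex') });
    const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
    return { clientData, signature };
  }
}

// Relying party side: holds a public key and issues single-use challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = new Set(); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32);
    this.pending.add(c.toString('hex'));
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin) return false;          // signed for a different site
    if (!this.pending.delete(challenge)) return false; // unknown or already-used challenge
    return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData),
      this.publicKey, assertion.signature);
  }
}

function demo() { // constructed sample sites
  const device = new Authenticator();
  const shop = new RelyingParty('https://shop.example');
  shop.publicKey = device.register('shop.example');
  const good = device.sign('https://shop.example', shop.newChallenge());
  const loggedIn = shop.verify(good);
  const replayed = shop.verify(good); // same assertion presented twice
  const lookalike = device.sign('https://shop-example.test', shop.newChallenge());
  return { loggedIn, replayed, lookalike: shop.verify(lookalike), stored: shop.publicKey.type };
}
```

Calling `demo()` shows the legitimate login succeeding while a repeated assertion and a request from a look-alike origin are both rejected, with the relying party holding nothing but a public key.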
