top of page

PROJECT: PASSKEYS - A MODERN, SECURE ALTERNATIVE TO TRADITIONAL PASSWORDS (PART 1)

  • Isabel Spies
  • 3 days ago
  • 3 min read

PLEASE SHARE THIS PUBLIC DOCUMENT

WHAT ARE PASSKEYS?

  • Passkeys are a new type of login credential designed to replace passwords with something easier to use and much more secure.

  • They are built on public key cryptography and are resistant to phishing, data leaks, and credential theft.

  • They are supported by major platforms like:

    • Apple (macOS, iOS).

    • Google (Android, Chrome).

    • Microsoft (Windows, Edge).

  • Passkeys work seamlessly across devices via cloud sync (e.g., iCloud Keychain, Google Password Manager), or they can be transferred manually using QR codes or Bluetooth.

HOW DO PASSKEYS WORK?

  • Passkeys rely on public-private key pairs.

  • When you sign up for a service:

    • A key pair is created on your device.

    • The public key is sent to the website/server.

    • The private key stays securely on your device (never leaves it).

  • When you log in:

    • The website sends a challenge.

    • Your device signs this challenge with your private key, proving your 

    • identity.

    • Your face, fingerprint, or device PIN is used to confirm the action (depending on your device).

  • No password is typed, stored, or transmitted.

WHAT TO DO WHEN USING PASSKEYS:

  • Use a trusted ecosystem: 

    • Apple, Google, Microsoft, or any reputable password manager that supports passkeys.

  • Turn on device backups:

    • Passkeys are stored in your cloud account (iCloud, Google, etc.), so make sure backups are active.

  • Enable biometric authentication: 

    • This adds another layer of security (Face ID, Touch ID, etc.).

  • Use passkeys on all supported services:

    • The more you use them, the less you rely on vulnerable passwords.

  • Export passkeys only when necessary: 

    • When switching ecosystems or sharing with a new device, be cautious to follow secure procedures.

WHAT NOT TO DO:

  • Do not disable cloud sync unless necessary: It is key for recovering your passkeys if you lose your device.

  • Do not share your device passcode/biometrics: Anyone with access to your unlocked device can use your passkeys.

  • Do not fall for phishing: While passkeys prevent phishing, always ensure you are logging into a legitimate site or app.

  • Do not store screenshots or text versions of passkeys: Unlike passwords, passkeys are cryptographic — you don’t need to remember or write them down.

 PASSWORDS VS. PASSKEYS:

FEATURE

PASSWORDS

PASSKEYS

 Can be guessed/cracked

YES

NO

 Can be reused across sites

YES

NO

 Can be phished

YES

NO

 Need to be remembered

YES

NO

 Stored on servers (risky)

YES

NO

 Biometric support

NO

YES

 Device-bound (for security)

NO

YES

WHY PASSKEYS ARE SAFER:

•  Not phishable: No one can trick you into giving them your passkey.

•  No reuse risk: Each passkey is unique per service.

•  No server leaks: Since private keys aren’t stored on servers, even data breaches cannot expose them.

ARE PASSKEYS PORTABLE:

  • Yes — but with some considerations:

    • Cloud Sync: They travel with your iCloud or Google account to new devices.

    • Manual Transfer: You can scan a QR code from one device to another.

    • Cross-platform: Apple, Google, and Microsoft are collaborating via the FIDO Alliance to ensure interoperability.

  • So, you can use your iPhone to log in to a Windows PC, or your Android phone on a Mac.

DO:

DO NOT:

Use passkeys wherever available

Disable device/cloud security

Keep cloud sync and backups on

Share your device PIN/password

Use biometrics

Write down/export private key manually

Stick to official password managers

Fall for fake login pages

  • Passkeys are the future of login security.

  • They eliminate most of the problems associated with passwords and are becoming more widely adopted.

  • Passkeys are:

    • Easy to use.

    • Highly secure.

    • Fast and convenient.

Please read our follow-up project, which provides a step-by-step guide for enabling and using passkeys.

Specialised Security Services invites the public to the Mike Bolhuis Daily Projects WhatsApp Channel.

This channel is important in delivering insights into the latest crime trends, awareness, warnings and the exposure of criminals.


How to Join the WhatsApp Channel:

1. Make sure you have the latest version of WhatsApp on your device.

2. Click on the link below to join the Mike Bolhuis Daily Projects WhatsApp Channel:

3. Follow the prompts to join the channel.

4. Make sure you click on "Follow", then click on the "bell"-icon (🔔)

CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.

ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.

Regards,

Mike Bolhuis

Specialist Investigators into

Serious Violent, Serious Economic Crimes & Serious Cybercrimes

PSIRA Reg. 1590364/421949

Mobile: +27 82 447 6116

Fax: 086 585 4924

Follow us on Facebook to view our projects -


EXTREMELY IMPORTANT: All potential clients need to be aware that owing to the nature of our work as specialist investigators there are people who have been caught on the wrong side of the law - who are trying to discredit me - Mike Bolhuis and my organisation Specialised Security Services - to get themselves off the hook. This retaliation happens on social media and creates doubt about our integrity and ability. Doubt created on social media platforms is both unwarranted and untrue. We strongly recommend that you make up your minds concerning me and our organisation only after considering all the factual information - to the exclusion of hearsay and assumptions. Furthermore, you are welcome to address your concerns directly with me should you still be unsatisfied with your conclusions. While the internet provides a lot of valuable information, it is also a platform that distributes a lot of false information. The distribution of false information, fake news, slander and hate speech constitutes a crime that can be prosecuted by law. Your own research discretion and discernment are imperative when choosing what and what not to believe.


STANDARD RULES APPLY: Upon appointment, we require a formal mandate with detailed instructions. Please take note that should you not make use of our services – you may not under any circumstance use my name or the name of my organisation as a means to achieve whatever end.


POPI ACT 4 of 2013 South Africa: Mike Bolhuis' "Specialised Security Services" falls under Section 6 of the act. Read more here: https://mikebh.link/fntdpv

SSS TASK TEAM:
ree

Copyright © 2015- PRESENT | Mike Bolhuis Specialised Security Services | All rights reserved.


Our mailing address is:

Mike Bolhuis Specialised Security Services

PO Box 15075 Lynn East

Pretoria, Gauteng 0039

South Africa

Add us to your address book


THIS PUBLIC DOCUMENT WAS INTENDED TO BE SHARED, PLEASE DO SO.

CONTACT US

Pretoria, 75 Wapad, Leeuwfontein Estate, Roodeplaat, 0186, South Africa

​​

E-mail: mike@mikebolhuis.co.za
Mobile: 082 447  6116
International: +27 82 447 6116
Fax: 086 585 4924

  • Instagram
  • Facebook
  • YouTube
  • TikTok

Thanks for submitting!

Copyright © mikebolhuis.co.za

MLB DIENSTE CC Reg: 1995/036819/23

PSIRA Reg: 1590364/421949

Rules of engagement

Web design by Mike Bolhuis Cybercrime Unit

bottom of page