You can now protect your Amazon account with passkeys
After WhatsApp, Amazon is the second company that launched passkeys support this week. Passkeys is a new authentication standard that is said to replace password authentication eventually. Instead of signing in with a username and password, users sign-in using the previously generated passkey and biometrics, the device's PIN or hardware keys.
Passkeys promise better security, as they eliminate brute force and phishing attacks, as well as any other attack targeting passwords.
Not all is golden, but that is true for many new technological standards. To name just a few: not all operating systems support passkeys yet and not all storing and syncing options are already available.
Amazon's Passkeys integration
Amazon customers may enable Passkeys for their account, but not everywhere. Desktop users may select Amazon Menu > Login & Security > Passkey > Set up to start the setup process. Mobile users may not have the option yet.
A click on Set up on the page that opens walks users through the process. This process may be different depending on the operating system. On Windows, users may see a Windows Security prompt. Note that the device needs to support at least one of the authentication options. Users who have not set up a PIN and use devices without biometric authentication options need
Users may save it in the Apple or Google cloud, but only if they use a cloud service account of the provider. Windows does not appear to be supported yet. When users select the cloud option, they may use the same passkey on all of their devices.
The Amazon account password is not removed in the process. It continues to be available and that is the main reason why 2-step verification continues to be enabled as well, if users set it up previously. Even after signing-in with a passkey, Amazon asks users to verify using a one-time code in this case.
Amazon supports creating multiple passkeys for an account, primarily to ensure that users of shared accounts, e.g., several family members, may access the account using passkeys. Instead of requiring that all users create passkeys for their devices, Amazon also supports the option to sign-in with a passkey from another device. This is handled via a Bluetooth connection and requires that the owner of a device with a passkey and the other Amazon user are present.
Closing words
First, it is good that Amazon is introducing support for passkeys. It is up to each customer to decide whether to set up the standard or not. It is easy to set up the passkey on a single device, but syncing or cloud storing is not. This means, that at least some users will use the passkey on a single device only, or set up different passkeys on different devices.
Users with 2-step verification enabled will also need to provide the one-time code whenever they sign-in, which is also far from ideal.
Clearly, passkeys have a long way to go before they they succeed in replacing passwords for the majority of users on today's Internet.
Now you: do you use passkeys?