Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks.
Passkeys are digital credentials that let you use biometric controls or PINs linked to a device, such as phones, computers, and USB security keys, to log in to websites.
Using passkeys significantly reduces the risk of network and data breaches, as well as compromised accounts. Passkeys act as a safeguard against phishing attacks and information-stealing malware, preventing the theft of authentication information.
From a user standpoint, passkeys also make it significantly easier to log in to an account, as you no longer need to use a password manager or memorize distinct passwords for each site.
Amazon adds passkey support
Amazon recently added a new section in the Your Account > Login & security settings that lets you generate a passkey that can be used to log in to the site.
Once you click on the ‘Set up’ button on Amazon, you will be prompted to either use Windows Hello, a security key, or your mobile device to generate the passkey.
In our tests setting up an Amazon passkey, we did so on Google Chrome and Microsoft Edge using a Yubikey to generate the passkey but were unable to use a Google Titan security key. We were also unable to get this feature to work on Mozilla Firefox.
Furthermore, we could use Windows Hello on Windows 11 to create a passkey, but Windows 10 does not support this feature.
Once the passkey is generated, on the next login, you will be prompted as to whether you wish to enter your password or “Sign in with a passkey,” as shown below.
Once we clicked on the sign in with a passkey option, we were asked to enter a pin and then touch our Yubikey, which logged us into Amazon.
It is important to note that setting up a passkey does not prevent using your password to log in to the account as well.
However, passkeys are more secure, so they allow you to bypass entering your passwords and potentially put them at risk if entered on a phishing landing page.
While passkey support on Amazon is a big step forward in security and ease of use, it does not come without some issues.
For example, unlike other passkey implementations, Amazon does not let you name or manage passkeys individually. Instead, they are lumped together, and if you want to delete a passkey, you have to delete all of them,
Furthermore, as all of Amazon’s geographic sites are treated as different security boundaries, any passkeys you make at one Amazon site will not be usable at Amazon sites in other regions.
More sites go passwordless
Passkeys are becoming an increasingly popular feature, with many companies now supporting the feature.
Yesterday, WhatsApp announced on Twitter that Android users will soon be able to use passkeys to log into WhatsApp.
“Android users can easily and securely log back in with passkeys only your face, finger print, or pin unlocks your WhatsApp account,” tweeted WhatsApp.
Other well-known sites supporting passkeys include BestBuy, eBay, Paypal, and GoDaddy.