We have been told for years to choose long and complicated passwords. Today, a new connection method is intended to be more practical and significantly more robust against online scams.
Emails, purchases, streaming, banking, social networks, work… In 2026, you will need a password for each website. Many people reuse the same one, change just one number or opt for a code that is easy to remember. It’s human, but it’s also risky. If only one account is hacked, the others can be hacked as well, and above all you have to start the whole process again: reset link, code received by email, new combination to invent. In short, this model today has its limits.
Furthermore, there is a parallel problem with the security of our online spaces: fake sites. A message that appears to come from a bank, delivery service or well-known platform may encourage people to click on a link and enter its codes. This is one of the techniques most used by scammers on the internet. Even attentive users can be fooled, as some copies are very convincing. So, as long as the connection relies on an identifier to be typed manually, the danger is indeed present. It is precisely this point that large digital companies are seeking to circumvent with another approach.
The principle is simple to understand: instead of writing a password, your device confirms that it is really you behind your screen. The phone, tablet or computer becomes the central part of the connection. To validate, we use what we already use on a daily basis to unlock the screen: PIN code, fingerprint or facial recognition. Clearly, we no longer retain a sequence of characters, we use an already secure device. The specific name? Access keys, also called passkeys.
On the security side, the interest is real. The information used to recognize you remains stored on the device. Your fingerprint or PIN code, depending on the method chosen, will not be sent to the site you are connecting to. The service simply receives proof that the right person validated the request. Result: if a hacker copies a fake site, he does not recover a password that can be reused elsewhere. This method is already starting to appear on many online services. When it is available, it is generally enough to open the connection or security options, then accept the creation of this new access. Then, during subsequent visits, the site will offer to connect via the device used.
There is still an important rule to remember: it is better to reserve this system for your personal devices. If several people use the same phone or the same computer, the logic of trust partly disappears. You also need to keep a serious lock code and keep your devices up to date. As is often the case in digital security, technology helps a lot, but good habits remain useful.
