Facebook is adding support for passkeys on its mobile app. That means you’ll be able to log into the platform using your device’s authentication method, like your fingerprint, face scan, or PIN, making it more difficult for bad actors to take control of your account.
Passkeys offer a more secure alternative to typical passwords because they can’t be stolen, guessed, or leaked. They also provide protection against phishing scams, which occur when a bad actor attempts to trick victims into exposing personal information, often by linking to fake login pages. Since your browser automatically links your passkey with a specific domain, it won’t trigger passkeys on phony webpages.
But, as pointed out by the Electronic Frontier Foundation, there’s still a risk if you have your password memorized and type it into the fake webpage anyway.
Meta doesn’t provide a specific timeline for when passkey support will arrive, only saying it will launch on Android and iOS “soon.” The company plans on bringing passkey support to the Messenger app as well, where you’ll be able to use the same passkey you set up for Facebook. Both platforms will join several other big names that have adopted the more secure sign-in method, including Google, Microsoft, Apple, and the Meta-owned WhatsApp.
Even if you set up a passkey, you’ll still be able to use your password to sign into your Facebook or Messenger account. You can log in using other methods, too, including a physical security key or two-factor authentication. Aside from logging into your account, Meta will let you use your passkey when autofilling payment information on Meta Pay as well.
What are passkeys?
Passkeys can replace traditional passwords with your device’s own authentication methods. That way, you can sign in to Gmail, PayPal, or iCloud just by activating Face ID on your iPhone, your Android phone’s fingerprint sensor, or with Windows Hello on a PC.
Built on WebAuthn (or Web Authentication) tech, two different keys are generated when you create a passkey: one stored by the website or service where your account is and a private key stored on the device you use to verify your identity.
Of course, if passkeys are stored on your device, what happens if it gets broken or lost? Since passkeys work across multiple devices, you may have a backup available. Many services that support passkeys will also reauthenticate to your phone number or email address or to a hardware security key, if you have one.
Apple’s and Google’s password vaults already support passkeys, and so do password managers like 1Password and Dashlane. 1Password has also created an online directory listing services that allow users to sign in using a passkey.