Why passkeys are the best option for patient data security

Learn everything you need to know about passkeys: what they are, how they work, and why you’ll love them.

Aisling Smith


Passkeys are on the rise. If you haven’t heard about them yet, this is going to change as more and more businesses adopt them. We recently added passkeys to Cliniko and trust us, they’ll change the start of your workday! Once they’re set up, they’re the quickest and simplest way of logging into your Cliniko account, while also providing the highest level of security.

What is a passkey and how does it work?

Simply put, a passkey is a way of logging in to your account that replaces your password, username, and 2FA. Without getting too technical, a passkey relies on a pair of cryptographic keys (a public key stored on the website's server and a private key stored on your device) to grant you secure access to your account.

In practice, this works by harnessing your device’s built-in security features (like your fingerprint, face scan, or PIN) to grant you quick access to your account. So, if you're on a Mac, you simply place your finger on the Touch ID sensor and you're in! If you’re on your iOS or Android phone, you use your Face ID. If you’re a Windows user, you can rely on your Windows Hello process.

In other words, once passkeys are enabled, they replace everything. You no longer need to key in your email address or password—both are replaced with one simple step.

Why can’t I just use a password?

Times have changed. The unfortunate reality is that relying on your username and password is no longer enough to keep an account secure. Passwords are quickly becoming out of date and passkeys are much more secure. It just isn’t possible to make a password long enough to be secure, malicious software is everywhere (we warned about infostealers last year, for example), and it’s very common for login details to be stolen and sold.

What kind of attacks am I vulnerable to if I’m relying on only a password?

Phishing is a big problem. This is an online scam tactic that tries to trick you into revealing information like your username, password, or other details that can be used to steal from you. It often takes the form of emails, text messages, or webpages that appear to be from a person or business that you trust—but are fake and designed to capture your data.

Cyber criminals have already tried to do this with Cliniko. Scammers sent our customers emails with a fake message to say that their account had been locked, directing them to a sham Cliniko login page. Any credentials entered on that page were then stolen—and these details could be used to breach Cliniko accounts. We worked with our customers to re-secure their accounts, and no breaches occurred, but phishing attempts will continue.

Passkeys solve all these problems. Unlike a password, they can't be stolen. And because only the real Cliniko login page will prompt you for your passkey, using them means you’re immune to phishing. Using 2FA (two-factor authentication) also prevents phishing—and we’ve therefore encouraged folks to use 2FA for years. But passkeys have a big advantage over 2FA when it comes to speed and convenience.
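The origin binding behind "only the real login page" can be seen in the checks a server runs on a passkey (WebAuthn) login response. This is an added example, not Cliniko's code: the domain names, challenge and sample responses are constructed placeholders, and the signature verification that a WebAuthn library performs over these same bytes is left out.

```python
import base64, hashlib, json

RP_ID = "app.example-clinic.test"            # assumed relying-party ID (placeholder)
ORIGIN = "https://app.example-clinic.test"   # the only origin the server accepts

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: bytes) -> str:
    """Return "ok" or the reason the login response is rejected."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    # The challenge is a fresh server nonce, so an old response cannot be reused.
    if client.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"
    # The browser, not the page, fills in the origin, so a fake page cannot lie here.
    if client.get("origin") != ORIGIN:
        return "origin mismatch"
    if len(authenticator_data) < 37:          # 32 hash + 1 flags + 4 counter
        return "truncated authenticator data"
    # First 32 bytes: SHA-256 of the RP ID the passkey was used for.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:     # UP flag: user was present
        return "user not present"
    return "ok"

def browser_response(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and authenticator send back."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": page_origin}).encode()
    flags, sign_count = bytes([0x05]), (7).to_bytes(4, "big")   # UP + UV set
    return client, hashlib.sha256(rp_id.encode()).digest() + flags + sign_count

CHALLENGE = b"constructed-server-nonce"
GENUINE = check_assertion(*browser_response(ORIGIN, RP_ID, CHALLENGE), CHALLENGE)
LOOKALIKE = check_assertion(*browser_response("https://login-example-clinic.test",
                                              "login-example-clinic.test", CHALLENGE),
                            CHALLENGE)
REPLAYED = check_assertion(*browser_response(ORIGIN, RP_ID, b"old-nonce"), CHALLENGE)

if __name__ == "__main__":
    print(GENUINE, LOOKALIKE, REPLAYED, sep="\n")
```
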

Why are passkeys better than 2FA?

While both passkeys and 2FA are excellent ways to keep your account secure, passkeys are a much quicker and more convenient option.

We’ve recommended 2FA as a security solution for a long time because it solves the problems arising from passwords. Despite its security benefits, it’s an unwieldy process that can be complex and takes up a lot of time. While passkeys are as secure as 2FA, they offer you a speedy way to log in—a touch of your finger or scan of your face and you’re off and running!

Are there any downsides to using passkeys?

The only downside with passkey security at the moment is that they are tied to specific devices (like your phone or computer). If you lose access to that device and haven’t set up a backup, like 2FA, you could have trouble logging in. That said, you can set up multiple passkeys that only you can access—similar to making backup keys for your household.

Overall, we cannot recommend passkeys highly enough. If you have any questions or you’re not sure how to get started, please reach out to our friendly support team!


Author information

Aisling is a Melbourne-based writer and all around word nerd. When she isn't writing for Cliniko, she likes circus fitness, playing her cello, and eating dessert.
