Telekom: Customers create over one million passkeys
Telekom has been offering its customers the option of logging in without a password since August.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
More and more websites and apps are offering their users the modern Passkey authentication method recommended by the BSI as an alternative to passwords. Telekom also implemented Passkeys in August without making a big deal of it. Since then, when you log in, you are automatically asked whether you want to save a passkey on the device you are currently using.
A query from heise Security has now revealed that the procedure has apparently been well received: "In the first 4 months that Passkey has been available, over 1 million Passkeys have already been set up. In the same period, more than 30 million logins have been carried out with Passkey," the company explained.
Logging in without a password
Anyone who has set up a Passkey can conveniently log in using their fingerprint, Face ID or a short PIN. It is then no longer necessary to enter a password. In addition to convenience, Passkeys are primarily about security: the process uses modern public key cryptography and creates an individual key pair for each account.
This eliminates widespread and dangerous password recycling, i.e. the effect of users using the same password for several web services out of convenience. In addition, passkeys are automatically resistant to phishing: a passkey only works on the exact website for which it was created. It cannot be used on a phishing website with a slightly different domain.
Videos by heise
Not yet possible without a password
The passkey is always an additional login method at Telekom, so logging in with a password still works. The password is still required to retrieve e-mails via IMAP with a mail client of your choice, for example. It is not yet possible to deactivate the password or even remove it from the account.
This would provide even more security, because if there is no password, it cannot be compromised. So far, only a few website operators have been so consistent. This option could be offered in the future: "In the medium term, we are planning an initially voluntary function to deactivate/delete the password," explained Telekom.
Up to ten passkeys
According to the company, passkeys can already be used to log into the Customer Center (telekom.de), the e-mail center and the MagentaTV app, among other things, and in future this should also work with the MeinMagenta app.
Up to ten passkeys can be created for each Telekom account. And there is an obvious reason for this: Deutsche Telekom only allows so-called "platform authenticators", which usually only store passkeys on the device used and prevent the cross-device use of a passkey.
One passkey per device
This means that you have to create an individual passkey for each device on which you want to use the procedure. However, this is done quickly because the website actively offers to create a passkey after you have logged in on a suitable device using a password. The passkeys can be removed if necessary via the security area of the account settings.
Telekom is probably the largest German company to support Passkeys to date. The Passkeys.directory, which is operated by 1Password, provides a good overview. Numerous international heavyweights such as Adobe, Apple, Amazon, Google, Microsoft, PayPal and many more can already be found there, but only a few local companies.
(rei)
