Skip to main content
Wake Forest University

Resist the phish: More on passkeys, the most phishing-resistant 2-step option

Modified on: Mon, Apr 14, 2025 3:01 PM


About Passkeys and Security Keys

  • First, it is important to know that passkeys are used at Wake Forest as a 2nd factor (2-step verification) for our WFU Google Accounts. 


Security Keys

What they are:

  • A physical security key usually looks like a flash drive and you can keep it handy on your keychain.   
  • They stay "bound" to that device and don't travel anywhere else.   

Example:

  • Plug in your security key and when prompted, tap the device to unlock access to your account.

Passkeys:

What they are:

  • passkeys are stored in a secure cloud service, like Apple's iCloud Keychain or Google Password Manager.   
  • This allows them to "sync" across all your devices that are connected to that service.   

Convenience:

  • This makes logging in much easier, as you can use the same passkey on any of your devices.   
  • It also provides backup and recovery options if you lose a device.

Security:

  • Even when passkeys are synced using a cloud service like iCloud, the private key portion remains primarily within the Secure Enclave of your devices. This means it's heavily protected from software-based attacks.

Example:

  • When prompted, tap your finger to enage your TouchID and unlock your passkey for accessing your WFU account.

Key Differences Summarized:

  • Location: security keys are on a single device; passkeys are in the cloud.   
  • Convenience: passkeys are more convenient 
  • Security: Both are the most phishing-resistant 2-step options. Passkeys are very secure but with a slightly higher theoretical risk.   

Which is Better?

  • It depends on your priorities.
  • Many people will likely use a mix of both. For example, using device bound passkeys for very sensitive accounts like banking, and synched passkeys for more general use.
  • IS recommends setting up multiple passkeys, including synched (Google Password Manager, iCloud, Windows Hello), as well as device-bound (security key such as Yubikeys)

Ready to set up passkeys?

Visit go.wfu.edu/passkeys to learn how.


Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.