Five people are seated at desks in an open-office environment working on their laptops while a manager is standing and talking to one employee.
Cyberattackers often target SMBs due to weak security and exposed personal data. Adopting passkeys enhances both security and convenience for businesses and consumers. — Getty Images/Luis Alvarez

Cybersecurity continues to be a significant concern for small and medium-sized businesses (SMBs), which are frequently targeted in attacks. Multifactor authentication (MFA) technology, which requires users to provide at least two forms of identification, is one of the most effective ways to reduce the risk of cyberthreats.

"MFA users are 99% less likely to be hacked, according to the U.S. Cybersecurity and Infrastructure Security Agency," said Karen S. Evans, Managing Director at the Cyber Readiness Institute. "And it's actually relatively easy to use — products that many SMBs use from Microsoft, Google, Apple, and other vendors now have MFA capabilities built in."

One example of MFA technology is the use of passkeys, which have gained traction in recent years for their convenience and efficacy. Here's how passkeys can improve your small business's cybersecurity.

[Read more: Top Obstacles to SMB Cybersecurity and How to Overcome Them]

What is a passkey?

A passkey is a passwordless login method that relies on digital credentials to verify a user's identity. These may include biometrics (such as facial or fingerprint identification), PINs, or even swipe patterns.

Passkeys leverage public key cryptography, which creates both a public and a private key at login. Only the public key is stored on the website; the private key — the information actually needed to authenticate the login — is securely stored in the cloud or on the user's device. This means the private key cannot be copied, stolen, or accessed by anyone but the intended user.

Passkeys vs. MFA: What's the difference?

Passkeys can be considered a modern type of MFA, as both methods provide layered security by requiring multiple forms of authentication. MFA requires users to provide a password along with at least one of the following:

  • A knowledge-based item (e.g., a PIN).
  • An item in the user's possession (e.g., a smartphone).
  • A biometric item (e.g., a fingerprint or voice key).

Passkeys seamlessly combine these varied authentication factors — for example, reading your fingerprint from your smartphone — for layered security without passwords or additional verification steps.

Passkeys seamlessly combine these varied authentication factors — for example, reading your fingerprint from your smartphone — for layered security without passwords or additional verification steps.

Benefits of passkeys for small businesses

According to Marcelo Barros, Global Markets Leader at Hacker Rangers, passkeys offer numerous advantages for businesses, such as:

  • Stronger, future-proofed security: "Passkeys do not pose the risks associated with passwords, such as using weak, commonly used, or easily compromised passwords," explained Barros. "Cybercriminals constantly develop threats, and passkeys allow organizations to keep up with the latest authentication systems for their networks."
  • Improved user experience: Passkeys offer a smooth authentication process, frequently incorporating biometrics. This, Barros noted, eliminates the barrier — and fatigue — of remembering or resetting passwords.
  • Compliance with zero-trust security models: The zero-trust model, widely considered the gold standard in cybersecurity, requires every user to verify their identity continuously. Barros explained that passkey technology complies with this model due to its contextual authentication methods.

Barros added that, although passkeys are "a great step forward … in terms of cybersecurity and business security," they are most effective as "part of a broader, multilayered approach to security."

[Read more: Does Your Business Need Cybersecurity Insurance? Here's What to Know]

How to implement passkeys in your organization

Before rolling out passkeys or other MFA methods, Barros recommends analyzing your current authentication processes to identify potential vulnerabilities. This analysis can help you determine the necessary levels of protection and prioritize systems or positions that have a higher risk of being attacked. Then seek solutions that meet the highest security standards and your business's unique needs.

"Ensure your solutions are compatible with open standards such as FIDO2. Open standards avoid vendor lock-in and allow freedom to make future changes or upgrades," Barros advised. "[Then] rank the vendors according to the subscription cost, the integration effort, and the postsales support."

Once you've chosen a solution, Barros suggests providing your team and customers with simple instructions and training materials. These should highlight the new authentication procedures and explain how they improve security and user experience.

In addition to solution-specific instructions, educating your team on general cybersecurity best practices is crucial. According to Evans, education and awareness are key, especially considering that nearly two-thirds of SMBs do not use MFA in their operations.

"There are many great resources out there for SMBs to learn more about MFA and to help improve their cyber posture," Evans said. "We also recommend that every SMB, regardless of size and resources, appoint an internal 'cyber leader' who is responsible for creating a culture of 'cyber readiness' within the business and among employees."

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Brought to you by
A one-stop shop for the things you need most
Your business deserves only the best. Shop an ever-expanding selection of just what you need delivered right to your office, school, or workplace with Walmart Business.
Learn More
Published