SwissPass is introducing passkeys. This allows you to log in without a password. The new function is designed to better protect accounts from hacker attacks.

Petar Marjanović

No time? blue News summarizes for you Since mid-July, SwissPass has been offering Passkeys as a secure login alternative without a password.

The new method is a response to several cases of fraud in Valais in which stolen access data was misused.

Anyone who loses their cell phone or laptop must re-identify themselves with ID at the SBB counter. Show more

In mid-July, SwissPass introduced a new way of logging into the customer account securely and easily: with so-called passkeys. Instead of having to remember a complicated password, all you need is a device such as a smartphone or computer on which the passkey is stored. Login is then "biometric" - for example by fingerprint or facial recognition.

The technology behind this works with a digital key pair: A private key - which can be thought of as a cryptographic jumble of characters - remains securely on your own device, while the public key is linked to the SwissPass service.

When logging in, the system checks whether the correct device is being used - without the password having to be entered or saved anywhere. This makes it more difficult for criminals to gain access using stolen passwords.

This is often the biggest problem behind alleged "hacks": cybercriminals know that many internet users use the same password on several websites. If one database is hacked, it is often possible to access a number of other websites. Tech companies are also aware of this. Google introduced passkeys as a login method back in 2023.

SwissPass shows users how well they protect their account. Screenshot

Criminals bought train tickets abroad

The background to the new login method is a series of fraud cases. In the canton of Valais, 16 SwissPass accounts have been hacked since the beginning of the year. According to the cantonal police, unknown persons used stolen access data to buy train tickets in someone else's name. The damage amounted to several thousand francs. The police are not revealing exactly how the perpetrators proceeded - for reasons of investigative tactics.

In response, SwissPass introduced an additional security code back in May. Anyone who wants to log in from a new device must also enter this code. Since July, users have also been able to log in voluntarily with a passkey. The advantage: if you log in with a passkey, you no longer need a second factor - at least as long as the device is secure.

One disadvantage remains: If you lose your cell phone or laptop, you have also lost your access. SwissPass therefore offers an analog fallback solution. Anyone who loses access can identify themselves with an ID card at a staffed SBB counter and thus regain access to their account.

What are passkeys? Passkeys replace traditional passwords with a pair of keys. The secret key remains securely on the device and is never shared with the service.

Instead of a password, Passkeys use a cryptographic key pair. The private key remains securely on the device and authenticates you with a digital signature when you log in.

Access is via fingerprint, Face ID or PIN - directly via smartphone, tablet or computer.

Passkeys are supported by modern operating systems and browsers and can be synchronized across devices. Show more

