JunkMail
Back to blog

Passkeys vs. Passwords: Which is Better for Your Anonymity?

Passkeys promise enhanced security over passwords. But what about privacy and anonymity? A critical analysis of this new technology.

By Leadership Team1/25/2026

Is the era of passwords coming to an end? Passkeys are being presented as the miracle solution for simpler, more secure authentication. No more weak passwords, phishing attacks, and stolen databases. But behind this promise of security lie significant implications for your anonymity and privacy.

How Do Passkeys Work?

Instead of a password that you create and remember (or worse, reuse), a Passkey is a pair of cryptographic keys: a private key, stored securely on your device (smartphone, computer), and a public key, registered with the online service (website, application).

During login:

  1. The service asks your device to "sign" a request with your private key.
  2. Your device authenticates you (via fingerprint, facial recognition, or PIN) and signs the request.
  3. The service verifies this signature with your public key.

The process is fast, phishing-resistant, and requires no password.

The Security vs. Anonymity Dilemma

From a security standpoint, Passkeys are a major step forward. But what about anonymity? This is where things get complicated.

1. The End of Anonymity at Registration

With passwords, it was possible to sign up for a service with an email alias or even a temporary email address, leaving no trace of your "real" identity. If the service requested personal information, you could lie or provide fictitious data, thereby protecting a certain level of anonymity.

With Passkeys, authentication is directly linked to your device. However, this device is often linked to your real identity (Google account, Apple ID, phone number). It becomes much more difficult to create a truly "anonymous" account without owning a dedicated device not tied to your identity.

2. The Centralization of Identities

Passkeys are often synchronized via a key manager provided by your operating system or browser (Apple Keychain, Google Password Manager, 1Password, Dashlane). This means that a single entity (Apple, Google, etc.) could potentially have a centralized view of all the services you use. Although these companies promise not to do so, the theoretical risk exists, and centralization always raises questions about the control you have over your data.

Your device is a very strong identifier. Unlike an email alias that you can change or delete, your device follows you everywhere. It becomes an almost inseparable digital anchor to your identity. If a Passkey is compromised (which is rare, but not impossible), it could have more serious and harder-to-manage repercussions than simply changing a password.

Email Aliases: Still an Essential Layer of Protection

Passkeys are an undeniable asset for security. But for anonymity, they introduce new challenges. This is why email aliases, like those offered by Junklmail, remain an essential layer of protection:

  • Hiding Your Real Identity: You can still use an alias for registration, even with a Passkey. This means the email address visible to the service remains your alias, not your primary email linked to your identity.
  • Compartmentalization: In the event of centralized Passkey synchronization, the alias ensures that if an email list is compromised, not all your Passkeys are potentially exposed through a single email identifier.
  • Managing "Disposable" Accounts: For services where you want maximum anonymity or temporary use, an alias remains the easiest way to create an account and "throw it away" without leaving identifiable traces.

Conclusion: Increased Security, Anonymity in Question

Passkeys mark a major evolution in online security. They drastically reduce the risks of phishing and password theft. However, for those who value anonymity and the decentralization of their digital identity, they raise new questions.

The adoption of Passkeys requires a reflection on the balance between convenience, security, and privacy. In this new landscape, email aliases do not lose their relevance but instead become an indispensable complementary tool for maintaining a semblance of control over our identity and our data online.