Experts say we should use passkeys, but can a smartphone PIN really be safer than a password?

The long-running series in which readers answer other readers’ questions explores a topical issue of personal cybersecurity

• Readers reply: https://www.theguardian.com/lifeandstyle/2026/jun/07/readers-reply-alien-music-playlist-first-contact">If an alien asked you: ‘What is music?’ what would you play for them?

I’ve been struggling to get my head around the idea that a passkey, which can be a PIN on your phone, or facial recognition, can be safer than using a complicated password, and two factor authentication.

I get that having something unique to your device, not stored on a company’s server is unphishable, and less hackable by cybercrims, but what if your phone is nicked and someone guesses the password?

And what if you lose your phone?