Encircle News!

Retro Game Arcade
, , , , , , ,

What the hell are passkeys and why are they suddenly everywhere?

Katie Malone

Passkeys promise a future without passwords, where we access our accounts as easily as we unlock our phones, with a much higher level of security. Pick your big tech poison, like Apple, Google or Microsoft, and you’ve probably seen it announce a passkey takeover. While a full-on passkey revolution may be a bit away, you may be asked to set one up for your accounts soon.

The username and password approach to logins dates back to the 1960s. Ever since then, it’s been hackable. Passwords are guessable or phishable, especially if you fail to meet industry standards for a complex, strong password. For a while, the solution seemed to be multi-factor authentication, or a way to verify your identity at login via text message, app, hardware key or other methods. But passkey proponents are saying that solving login security problems means reinventing the first step, not adding on additional processes.

“It’s the closest to something that can be scaled to get rid of passwords that we’ve ever seen,” said Megan Shamas, senior director of marketing at industry association FIDO Alliance. A passkey is a digital authentication credential that is securely stored on your device. Instead of what Shamas called a “shared secret” method of passwords, passkeys are a unique key pair for every online service you use bound to the domain. So, if you create one for your online banking account, and a spoofed website prompts you to sign in, the passkey won’t work.

It also prevents phishing attacks because you can’t give away your passkey like you can with a password or MFA phrase. We can’t call it “unphishable,” said Derek Hanson, vice president of solutions architecture and alliances at security authentication company Yubico, but it certainly thwarts the common attack vectors used today. At the very least, it makes it much more costly and difficult for a hacker to get in, making the hackers likely to move on to weaker targets.

For the user, they’re meant to be easier, too. Instead of trying to keep track of nearly 100 passwords or more, the passkey is stored on your device and connects automatically to the service. Similar to unlocking your phone, you’ll need to enter a pin, fingerprint, face scan or other simple authentication to log in. It seems too good to be true, and it sort of is, because it’s still a fragmented space. While the big names have made passkeys trend recently, they could also be holding back widespread use.

Currently, using a passkey locks you into a certain service provider, according to Sayonnha Mandal, Ph.D., lecturer at University of Nebraska Omaha. You can’t, for example, log in to websites on an Android phone with a passkey stored on a MacBook. It’s the kind of lock-in these companies tend to favor because it keeps customers loyal to their brand. So, it’ll take cooperation and “in the absence of a government industrial standard that everybody mandatorily has to adhere to, I don’t think by themselves, the companies would.”

But Shamas says that cross-platform accessibility is coming, as companies sign on to FIDO’s industry standards for passkey development. “The deep investment across the industry (including Apple, Google, and Microsoft) to develop and evangelize the passkey technology speaks to the broad belief in its promise,” said a Google spokesperson. At the time of publication, Google Chrome on Mac and Windows only stores passkeys on the local device.

For now, if a website offers you a passkey login option, you should probably sign up. At least for your most sensitive accounts like online banking, make the switch to passkeys as soon as it’s offered for an added layer of protection on those accounts, Mandal said. But, if passkeys do take over, it will be a slow transition. Services will likely still offer password options because it’s what consumers are used to, and passkeys still don’t have wide enough support.

In the meantime, it’s a good reminder to stay on top of your security settings. If passkeys aren’t available, make sure MFA is set up and your password is strong instead of just avoiding the security reminder pop-ups at log in.

This article originally appeared on Engadget at https://www.engadget.com/passkeys-passwords-authentication-security-133024414.html?src=rss

https://www.engadget.com/passkeys-passwords-authentication-security-133024414.html?src=rss

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI