Date: 2023-02-12



The death of the Internet password has been proclaimed many times, but this time it may actually come sooner than you think. The reason: passkeys.

According to Kathleen Moriarty, Chief Technology Officer of the Center for Internet Security, passkeys are the future of basic Internet security because they are inherently more secure and phishing-resistant. Major companies such as Apple, Google, and Microsoft use authentication standards developed by two organizations, the FIDO Alliance and the World Wide Web Consortium, to support passkeys on their platforms. The list of organizations offering passkeys instead of passwords continues to grow.

“Passkeys are an example of what security should be: seamless and invisible to the end user,” said Moriarty.

How the passkey works

Passkeys allow individuals to access accounts without requiring a password by authorizing logins on external devices.

When someone uses a passkey to log into an account, a prompt (also called a challenge) is sent to an additional device owned by the user (such as a phone), and the user enters some kind of PIN or uses biometric authentication, like a fingerprint or face scan, to approve the login. A mathematical relationship between the public key held by the system the user is logging into and the private key on the user’s personal device allows the system to verify that the only person who can log into the account is the one with the private key.

Avoiding human error and hackers

From a security standpoint, passkeys are much more secure than passwords for many reasons.

Each challenge sent by the server is a new challenge and the encryption is different each time. Mutual authentication, which occurs when the server authenticates the user, makes the user less susceptible to cybersecurity attacks. Accessing the keys is much more difficult, as a hacker would need access to both the application’s public key and the user’s device’s private key to gain access to their account.

The main problem with passwords is that people tend to use the same or very similar phrases across multiple platforms to make them easier to remember, and they often contain personal information. Worse, choosing a simple password (such as “abc123” or “password”) makes it a perfect target for hackers to easily access your personal accounts. This means that a hacker can break into multiple accounts owned by a user just by figuring out the password for one of the websites or platforms that user logs into.

A passkey eliminates this problem because it leaves no room for human error, which can be a security issue. Each passkey is unique to an individual user and application, so there is no passkey reuse.

“In the past, we were warned not to use passwords across different applications,” said Moriarty. “Passkeys are designed to prevent reuse, so if one application’s keys are exposed to another application, they are completely isolated and cannot be exposed.”

Even if you don’t use a passkey, there are other ways to make passwords more secure. One example is using a password manager that securely tracks passwords and other sensitive information in your browser or another app. But these applications aren’t completely immune to security breaches, as evidenced by the August 2022 hack of LastPass, one of the world’s largest password managers.

In any case, users should take some steps to keep their passwords more secure. According to the latest Microsoft Digital Defense Report, the volume of password attacks is soaring to an estimated 921 per second, a 74% increase over the course of the year.

Phishing-resistant authentication will soon become the norm

Most major operating systems now allow the use of passkeys. Apple’s latest updates, iOS 16 for iPhone and macOS Ventura for Mac, now support passkeys. Google will start rolling out passkey support for Chrome on Android, Windows and macOS in December 2022.

By the end of 2024, the federal government plans to fully transition to a phishing-resistant form of authentication.

“We now have full support for major operating systems that [previously] had only partial support,” said Moriarty. “So this turnaround and push for passkey support is happening pretty quickly right now.”

Internet services and device risks

Passkeys are a relatively new form of logging into personal accounts, so not all services support passkeys, but they are becoming a more common feature.

The only potential downside to using a passkey arises when a user loses the secondary device they use to access their account. If this happens, the passkey will need to be reset, but it’s a good idea to have a backup device handy to avoid this issue.

