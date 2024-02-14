



In a world where escalating cyber threats and data breaches have become all too common, the inadequacies and immense risks associated with traditional passwords and traditional authentication methods have never been more apparent.

Recognizing the urgent need for stronger and more user-friendly authentication methods to protect users from growing threats such as phishing, three major technology giants, Google, Microsoft, and Apple, recently stepped up efforts to develop passkeys. is included.

What is a passkey?

Passkey seamlessly authenticates users using a digital key stored on their computer or device. It is considered a good alternative to passwords because users do not have to remember or manually enter long strings of characters that can be forgotten, stolen, or intercepted by malicious parties.

Specifically user-centric Passkey combines advanced encryption with hardware-based security integration. We may also use biometric data in some cases, but this is optional.

Passkeys simplify and secure the login process, giving both businesses and consumers access to modern, phish-resistant authentication.

This monumental shift in the adoption of passkeys by big tech giants and other companies around the world represents a significant step toward achieving a more secure online future without passwords and outdated authentication methods.

Password restrictions

Traditional passwords have been the cornerstone of digital security and served as the first line of defense for decades, since the birth of the Internet. However, as cyber threats become increasingly sophisticated, their effectiveness is decreasing. For example, the Verizons Data Breach Investigations Report (DBIR) found that a staggering 82% of data breaches are due to stolen login credentials. Traditional password limitations are:

Highly secure and susceptible to phishing: Passwords are extremely insecure as they can easily be stolen through phishing attacks and brute force techniques. Complexity vs. Ease of Use: Striking the right balance between creating complex, secure passwords and ensuring ease of use is a constant challenge for users. Password fatigue: Managing and remembering numerous passwords for various online accounts has created a condition commonly referred to as password fatigue. Social Engineering: Passwords are often compromised through social engineering, where attackers manipulate individuals into divulging sensitive information.Problems with traditional authentication methods

Before the advent of hardware security keys and passkeys, users had limited authentication options other than passwords, and none of them offered robust protection against phishing attacks. Not all multi-factor authentication (MFA) methods are created equal. Most are not designed with security in mind and are therefore susceptible to compromise by fraudsters.

Widely used traditional MFA methods, such as numeric codes and one-time passwords (OTPs) sent to users via SMS or email, often require memorization and are difficult to connect to internet access and phone signals. It depends on having a equipped, functioning, connected and charged phone. The user experience is clunky and often leads to user dissatisfaction.

Other traditional MFA methods include time-based devices that rely on batteries and run the risk of running out of power, and push apps require users to carry their phones with them at all times and connect to the internet. Unfortunately, all of these traditional authentication approaches exhibit vulnerabilities to cybercriminal activity.

Recognizing these limitations, leading technology companies have embarked on a journey towards a password-free future. Microsoft, Google, and Apple are working on passkeys, a promising alternative that solves many of the shortcomings of traditional passwords.

Copy the efforts of global technology leaders

Successful passwordless strategies rely on improved user experience, increased security, and broad interoperability across devices, browsers, and platforms. Achieving this requires industry-wide adoption, collaboration, and education on the effectiveness and benefits of passkeys over traditional passwords.

The seamless integration of the FIDO2 passwordless experience would not work without standards across devices, apps, and services that require no additional proprietary software. This requires widespread industry adoption, collaboration, and education about passkeys.

How tech giants are advocating for a password-free future

The big appeal of passkeys in the consumer space is that the three largest technology vendors that develop operating systems and devices are integrating passkeys into everyday consumer devices such as phones and laptops.

microsoft

Microsoft's commitment to a passwordless future is evident in initiatives like Windows Hello. Windows Hello improves security and user experience by allowing users to log in using biometric data such as fingerprints, facial recognition, and hardware-based passkeys (security keys).

Google

Google is actively promoting a passwordless ecosystem using FIDO2-based authentication. Services such as Google's Smart Lock and Android's biometric options facilitate a seamless and secure user experience and reduce users' reliance on passwords.

apple

Apple pioneered biometric authentication with Face ID and Touch ID, providing a frictionless login experience while maintaining high security. Apple's WebAuthn support standardizes passwordless authentication and is compatible with security keys and passkeys.

Take out

Security has become a serious concern for consumers as the frequency and sophistication of cyber-attacks involving consumers has escalated, exposing the limitations of traditional password-based or traditional authentication methods. Support for passkeys from leading technology companies is therefore a pivotal turning point in the digital security journey.

More secure, user-friendly, and easily accessible authentication methods, such as hardware security keys and passkeys, are widely adopted. As we continue to embrace a password-free future, we can expect a more secure and convenient online experience, unburdened by the shackles of passwords and outdated and difficult-to-use authentication methods.

*Geoff Schomburgk is responsible for driving the Yubico business across the Asia Pacific and Japan (APJ) region, working with partners and enterprise customers to implement modern, phish-resistant authentication. He has a background in engineering and strategic consulting and is an experienced senior executive with over 30 years of experience in his ICT industry worldwide. Geoff holds a Bachelor of Engineering (Hons) and his MBA and is also a Company Director (FAICD).

Top image credit: iStock.com/ArtemisDiana

