Why are Big Names Ditching Passwords for Passkeys?
Read Time: 4 minutes
Welcome to Your Tech Suite's weekly newsletter where we provide news, tips, and guidance on improving the technology posture in your startup or SMB. A holistic technical C-Suite... for the rest of us.
This Week's TLDR
- The next step in personal digital security, the Passkey, is closer than you might think.
- Passkeys replace shared secrets with a public/private key pair: the private key stays on a device like your phone, and the service only ever sees a signature it can check with the public key.
- Your digital future likely involves a lot less password management and a lot more unlocking with a biometric or a trusted device.
- More fake sites, Apple Anti-trust, Spam Chatbots
Guest Article by: Jon Balter, Area Director of Managed Services for Visual Edge IT. Jon's always had a keen eye for technology and a practical service approach to delivering exceptional services!
Ditching the Password for the Passkey
Are the days of the old password finally over?
The concept of using a password for computer security was first introduced by the Compatible Time-Sharing System (CTSS) at the Massachusetts Institute of Technology (MIT) in the early 1960s. Since then, the practice of changing and memorizing passwords has become a routine part of our digital lives.
As of April 2023, it's estimated that the average internet user manages over 100 passwords.
This raises two important questions: How much cognitive load do these passwords impose, and how secure are they really?
The logical next step to address these challenges is the adoption of password managers. These tools are designed to store, generate, and manage passwords for various online accounts, thereby improving security and simplifying the task of managing complex passwords. However, password managers come with their own set of challenges and potential vulnerabilities:
- Central Point of Failure: Storing all your passwords in one place poses a risk. If a password manager is compromised, it could potentially expose all your stored passwords. This underscores the importance of strong encryption and security measures for password manager applications.
- User Trust and Reliability: Users must trust that the password manager provider has implemented robust security measures. Any software bugs or vulnerabilities could put user data at risk. Moreover, service reliability is crucial; any downtime could prevent users from accessing their accounts.
- Usability and Convenience: Although password managers are intended to be user-friendly, some people may find them difficult to set up or use, especially those who are less tech-savvy. This can hinder widespread adoption.
- Cross-Platform Compatibility: Some password managers may not function seamlessly across all devices and platforms, limiting their utility for users who switch between different devices or operating systems.
Despite the advantages of password managers, they still rely on passwords as their foundation, which are vulnerable to a range of security threats including phishing, password reuse, shoulder surfing, brute force and dictionary attacks, and poor password management practices by websites and service providers.
Enter Passkeys: A New Era of Authentication
The solution to overcoming the limitations of passwords and password managers lies in the adoption of Passkeys.
The concept of Passkeys started gaining traction around 2021 and 2022 when major technology companies like Apple, Google, and Microsoft announced their support for a more seamless and secure authentication experience built on FIDO standards. These efforts aim to establish Passkeys as a universal standard for authentication, offering a user-friendly and secure alternative to passwords and traditional two-factor authentication (2FA) methods.
Passkeys operate using a cryptographic key pair comprising a private key, which is securely stored on the user's device and never shared, and a public key, which is registered with the service (website or app) during the initial setup.
When logging in, the service requests authentication, and the device responds by using the private key to sign a challenge. This signed challenge is then verified by the service using the public key.
Since only the device with the private key can correctly sign the challenge, this method proves possession of the private key without ever revealing it. The challenge is random and single-use, so a captured signature cannot be replayed, and the signature also covers the website origin the browser actually connected to, so a look-alike phishing site cannot forward a signature to the real service.
An Example of Passkey Authentication:
Imagine setting up your Amazon account on your iPhone, which generates a key pair and keeps the private key on your device, while Amazon stores the matching public key. When you attempt to log into Amazon again, Amazon sends a fresh random challenge and your iPhone requests a Face ID verification. Upon successful verification, the phone signs the challenge with the private key and sends only that signature to Amazon, which verifies it against the stored public key. If the signature checks out, access is granted. The private key itself never leaves the phone.
Modern car keys, like passkeys, embody cutting-edge technology.
Passkeys and keyless entry offer a simplified user experience by eliminating the need for passwords and physical keys.
As technology continues to evolve, it adapts to new threats, underscoring the role innovation plays in secure access.
Using our crystal ball, we can envision a world with no passwords!
Wearables, implants and reliable biometric identification could all communicate with our devices, shifting authentication from complex, hard-to-remember passwords to seamless password-less access.
As this takes root, the shift from passwords to Passkeys will mark a significant milestone in the evolution of digital security, promising a more secure, convenient, and efficient way to authenticate user identities.
News
Further down the rabbit hole, Alice. Last week we linked to the OneRep.com shenanigans. Digging further into that story, Krebs On Security has identified a ring of phony people-finder sites that are all affiliate-link sites based out of China. Phony companies, phony LinkedIn profiles, phony executives. All linking back to the shady Spokeo[.]com. Always be vigilant!
Landmark anti-trust case. Yes please! The DOJ is going after Apple, challenging its long-held walled-garden model. That's right, the government, a monopoly on legalized force, is suing a company for having a monopoly.
Bots and spam... again. OpenAI's ChatGPT chatbot store is now mostly bots and spam; once again, spammers ruin something cool in technology. Well, it was a good run, I guess.
YTS Weekly Recommendation
Staying ahead of the curve is essential for any business. Yet it can be hard to have the expertise and know-how to make sure your partnerships are set up for success!
Your Tech Suite can help you bridge that gap, providing access to a vast array of technology experts. Leverage expert insight, contract negotiation, and increased buying power.
It's like having a personal trainer for your business' technology!
Say Hi on LinkedIn, Twitter/X, & Instagram
Did someone send you this awesome email? Subscribe Here
Need additional help? Reach out to the YTS Team!