Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Passkeys authentication. Show all posts

Here's Why Passkeys is a Reliable Option to Safeguard Your Data

 

We all use way too many passwords, and they are probably not very secure. Passkeys are the next step in password technology, aiming to replace passwords with a more secure alternative.

Trouble with passwords 

For a long time, we used usernames and passwords to access websites, apps, and gadgets. A fundamental issue with passwords is that their creators are largely to blame. You have to remember the password, thus it's easy to fall into the trap of using real words or phrases. It's also fairly typical to use the same password across several websites and apps in favour of having unique passwords for each one. 

Although it is obviously not very safe, many individuals continue to use passwords like their birthday or the name of their pet. If they are successful, they can attempt it in every other place you use the same password. Using two-factor authentication and special passwords is essential as a result of this. Password managers, which produce random character strings for you and remember them for you, have been developed to solve this issue. 

Passkey vs. password: What distinguishes them 

Over time, not much has changed with regard to the login and password system. Think of passkeys as a full-fledged alternative for the outdated password system. Basically, the process you use to unlock your phone is the same one you use to sign into apps and websites. 

It is among the fundamental distinctions between passkeys and conventional passwords. All locations where Facebook is accessible accept your Facebook password. On the other hand, a passkey is bound to the machine where it was made. The passkey is far more secure than a password because you're not generating a universal password. 

The same security process can be employed to verify a QR code you scanned with your phone to log in on another device. There are no passwords used, thus nothing can be stolen or leaked. Because you must sign in with your phone in hand, you don't need to be afraid about a stranger across the nation using your password.

Device compatibility

Passkeys are still very new, but they already work with all the best phones and a majority of the best laptops. This is because the tech behemoths Microsoft, Google, Apple, and others collaborated to create them using the FIDO Alliance and W3C standards. 

Apple launched passkeys to the iPhone with the release of iOS 16 in the previous fall. Passkeys eliminates the need for a master password on its devices by using TouchID and FaceID for authentication. Here's how to set up passkeys on an iPhone, iPad, or Mac if you want to try them out for yourself. 

Your passkeys are stored and synchronised using the Google Password Manager if you have one of the top Android phones or an Android tablet. If you want to use passkeys with it, you must first enable screen lock on your Android device, as this stops people with access to your smartphone from utilising your passkeys.

In both Windows 10 and Windows 11, you can use Microsoft's Windows Hello to sign into your accounts using passkeys. Because your passkeys are linked to your Microsoft account, you may use them on any device as long as you're signed in.

Regarding your web browser, passkeys are currently supported by Chrome, Edge, Safari, and Firefox. For Chrome/Edge, you must be using version 79 or above, for Safari, version 13 or higher, and for Firefox, version 60 or higher.

WhatsApp Announces Passkey Support for its Users


The modern digital landscape is witnessing an upsurge in cybercrime activities, and users can no longer rely on strong passwords to protect themselves. 

Thankfully, even on the best low-cost Android phones, biometric authentication is becoming mainstream and easily accessible. This has led to the adoption of passkeys for user authentication by a number of well-known social networking platforms and password manager apps. WhatsApp is the newest application to offer passkey support for all of its users after a month of beta testing. 

Passkeys replace conventional passwords with a unique cryptographic key pair, such that only the users can log in. Only after a successful biometric authentication, the key is made accessible to the respective users, negating the requirement for two-factor authentication techniques like OTP distribution through SMS and email. Passkeys shield users from the risks associated with password reuse and phishing attacks. Google disclosed the new technology supports more rapid user authentication after revealing support for passkey storage in its password manager.  

WhatsApp’s effort in adopting passkey technology came to light in early August. Also, beta testing on the same commenced in late September. 

Now, around a month later, WhatsApp announced support for passkeys was coming in the stable channel on X (formerly Twitter). The feature makes the login process significantly more secure by taking the place of the one-time password (OTP) sent via SMS. The app enables users to authenticate themselves using screen lock options, including their on-device fingerprint, face unlock, PIN, or swipe pattern. In the meantime, Google Password Manager automatically stores the cryptographic key. 

The login system, with no password requirement, turns out to be quite time-efficient for users when they are setting up WhatsApp on a new phone. Commendable enough, WhatsApp is also explaining to online users how passkeys work, in order to secure their accounts.  

Moreover, it is important for users to see the difference between passkeys for logging into WhatsApp and in-app features like WhatsApp chat lock, which still requires biometric authentication. Importantly, passkeys and passwords for traditional user authentication will both be available on WhatsApp.

However, WhatsApp has not yet clarified whether the feature will be made immediately accessible everywhere. Nonetheless, Passkey support, like every other major WhatsApp feature, is anticipated to be implemented gradually in the stable channel. But it is still great to see WhatsApp reiterate its dedication to user security and privacy with features like this.  

Unlocking the Future: Passkeys, the Next Frontier in Online Security

 

If you're someone who juggles numerous passwords in your daily life, you're not alone. Despite the assistance of password managers, the increasing complexity of passwords has become a growing burden for most individuals.

Gone are the days of using easily guessable passwords like "p455w0rd123." Nowadays, every online account demands passwords that are both intricate and distinctive. Vigilance is essential, as any compromise of your passwords can have serious consequences.

Thankfully, a more efficient solution exists: Passkeys.

Passkeys represent an authentication method for websites and applications, first popularized by Apple in June 2022. While Apple introduced support for passkeys in iOS and MacOS, it's not exclusive to the company. This technology is a standard endorsed by major players such as Google, Apple, Microsoft, the World Wide Web Consortium, and the FIDO Alliance.

In practical terms, passkeys are cryptographic keys. Each passkey comprises a public key registered with the online service or app, and a private key stored on a device like a smartphone or computer. Although this may seem complex, passkeys are designed for user-friendliness. To log in with a passkey, you simply use your face, fingerprint, or a PIN, much like unlocking your smartphone. No passwords are involved, which means nothing to memorize or inadvertently disclose to potential hackers.

Passkeys also address the hassle of synchronizing passwords across your devices. Consider a scenario where you typically log into your Google account via a smartphone but wish to use a laptop. This is easily achievable, even if the passkey isn't synchronized with the laptop. As long as the smartphone is within Bluetooth range of the laptop and the user grants approval, the login proceeds without a hitch. What's even more impressive is that the passkey isn't transmitted between the two devices. Instead, after confirming the login, the user has the chance to create a passkey directly on the laptop.

Now, you might wonder if logging in with your fingerprint or face poses a security risk. The answer is no. No biometric data is transmitted to the website or app you're accessing. Instead, this information solely serves to unlock the passkey on your device. It never leaves the device.

To employ passkeys, you'll need:

- A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
- A smartphone or tablet with at least iOS 16, iPadOS 16, or Android 9
- Optionally, a hardware security key with FIDO2 protocol support

Furthermore, the computer or mobile device you use must have a compatible browser like Chrome 109 or later, Safari 16 or later, or Edge 109 or later.

Major tech companies like Apple, Google, and Microsoft offer specific guidance on how to use passkeys on their respective platforms.

For a list of websites supporting passkeys, you can visit passkeys.io. Notable names like Adobe, Google, PayPal, TikTok, Nintendo, and GitHub are among those that have adopted this technology.

If you're not quite ready to fully embrace passkeys, you can experiment with them on passkeys.io's demo. It will walk you through the process of setting up a passkey and using it for logging into a site.

While passkeys represent a significant advancement, it's important to note that passwords aren't going away anytime soon. Passkeys, much like hardware security keys, provide an additional layer of security for accounts and online services that support the feature. Passwords and password managers will remain essential tools for the foreseeable future.