Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Passkeys. Show all posts
Technology
Authentication Cybersecurity Digital Identity Encryption Passkeys Passwordless Technology

Hawcx Aims to Solve Passkey Challenges with Passwordless Authentication

 


Passwords remain a staple of online security, despite their vulnerabilities. According to Verizon, nearly one-third of all reported data breaches in the past decade resulted from stolen credentials, including some of the largest cyberattacks in history.  

In response, the tech industry has championed passkeys as a superior alternative to passwords. Over 15 billion accounts now support passkey technology, with major companies such as Amazon, Apple, Google, and Microsoft driving adoption.

However, widespread adoption remains sluggish due to concerns about portability and usability. Many users find passkeys cumbersome, particularly when managing access across multiple devices.

Cybersecurity startup Hawcx is addressing these passkey limitations with its innovative authentication technology. By eliminating key storage and transmission issues, Hawcx enhances security while improving usability.

Users often struggle with passkey setup and access across devices, leading to account lockouts and costly recovery—a significant challenge for businesses. As Dan Goodin of Ars Technica highlights, while passkeys offer enhanced security, their complexity can introduce operational inefficiencies at scale.

Hawcx, founded in 2023 by Riya Shanmugam (formerly of Adobe, Google, and New Relic), along with Selva Kumaraswamy and Ravi Ramaraju, offers a platform-agnostic solution. Developers can integrate its passwordless authentication by adding just five lines of code.

Unlike traditional passkeys, Hawcx does not store or transmit private keys. Instead, it cryptographically generates private keys each time a user logs in. This method ensures compatibility with older devices that lack modern hardware for passkey support.

“We are not reinventing the wheel fundamentally in most of the processes we have built,” Shanmugam told TechCrunch.

If a user switches devices, Hawcx’s system verifies authenticity before granting access, without storing additional private keys on the new device or in the cloud. This approach differs from standard passkeys, which require syncing private keys across devices or through cloud services.

“No one is challenging beyond the foundation,” Shanmugam said. “What we are challenging is the foundation itself. We are not building on top of what passkeys as a protocol provides. We are saying this protocol comes with an insane amount of limitations for users, enterprises, and developers, and we can make it better.”

Although Hawcx has filed patents, its technology has yet to be widely deployed or independently validated—factors that could influence industry trust. However, the company recently secured $3 million in pre-seed funding from Engineering Capital and Boldcap to accelerate development and market entry.

Shanmugam revealed that Hawcx is in talks with major banks and gaming companies for pilot programs set to launch in the coming weeks. These trials, expected to run for three to six months, will help refine the technology before broader implementation. Additionally, the startup is working with cryptography experts from Stanford University to validate its approach.

“As we are rolling out passkeys, the adoption is low. It’s clear to me that as good as passkeys are and they have solved the security problem, the usability problem still remains,” Tushar Phondge, director of consumer identity at ADP, told TechCrunch.

ADP plans to pilot Hawcx’s solution to assess its effectiveness in addressing passkey-related challenges, such as device dependency and system lockups.

Looking ahead, Hawcx aims to expand its authentication platform by integrating additional security services, including document verification, live video authentication, and background checks.

Read more »
Password Hacking
Authentication Cyber Security Google security hardware vulnerabilities Passkey Security Passkeys Password Hacking

Why Passkeys Are the Future of Digital Authentication

 

Passwords have been a fundamental aspect of digital security for years, but they come with significant drawbacks. They are not only a hassle to remember but also vulnerable to various hacking techniques. Passkeys have emerged as a robust alternative, offering a more secure and user-friendly approach to account authentication. This new method utilizes your device, such as a smartphone or laptop, as an authenticator, employing either a PIN or biometric verification like fingerprint or facial recognition. 

The primary advantage of passkeys is that they eliminate the need for passwords entirely. This reduces the risk of phishing attacks, as there is no password for hackers to steal or guess. Additionally, passkeys are tied to the user’s device, making unauthorized access much more difficult. Without passwords to remember, users can enjoy a more streamlined and secure login experience. Major tech companies are already supporting the adoption of passkeys. For instance, setting up passkeys on a Google account involves visiting the Google Passkeys page and configuring the passkey with your device. Microsoft accounts can similarly be secured with Windows Hello or a PIN. Apple integrates passkeys with iCloud Keychain, making it easy for users to transition. These companies are not alone. Other platforms like Amazon, Adobe, Discord, eBay, GitHub, LinkedIn, Shopify, and WhatsApp have also embraced passkeys. 

This widespread support highlights the growing recognition of passkeys as the future of digital security. One concern with passkeys is the potential for losing access if the device is lost. Fortunately, most major tech companies allow passkeys to be synced across devices or securely stored in the cloud with end-to-end encryption. This means that users can restore their passkeys on a new device if their original one is lost. 

However, if a hardware security key is lost and not backed up, access to accounts could be permanently lost. Despite these concerns, device-based authentication is inherently secure. Modern devices are equipped with advanced security measures that make unauthorized access extremely difficult. Even if a device is stolen, the thief would need to bypass biometric or PIN verification to access sensitive information. Passkeys are stored in a Trusted Platform Module (TPM), ensuring that they are securely protected. In summary, passkeys represent a significant advancement in digital security. 

They offer a more secure, user-friendly alternative to traditional passwords, addressing many of the vulnerabilities associated with password-based authentication. As more services and devices adopt this technology, passkeys are poised to become the standard for secure online access. This shift not only enhances security but also simplifies the user experience, making it easier for individuals to protect their digital identities.
Read more »
User Privacy
Cyber Security Data Safety Passkeys Passkeys authentication User Privacy

Here's Why Passkeys is a Reliable Option to Safeguard Your Data

 

We all use way too many passwords, and they are probably not very secure. Passkeys are the next step in password technology, aiming to replace passwords with a more secure alternative.

Trouble with passwords 

For a long time, we used usernames and passwords to access websites, apps, and gadgets. A fundamental issue with passwords is that their creators are largely to blame. You have to remember the password, thus it's easy to fall into the trap of using real words or phrases. It's also fairly typical to use the same password across several websites and apps in favour of having unique passwords for each one. 

Although it is obviously not very safe, many individuals continue to use passwords like their birthday or the name of their pet. If they are successful, they can attempt it in every other place you use the same password. Using two-factor authentication and special passwords is essential as a result of this. Password managers, which produce random character strings for you and remember them for you, have been developed to solve this issue. 

Passkey vs. password: What distinguishes them 

Over time, not much has changed with regard to the login and password system. Think of passkeys as a full-fledged alternative for the outdated password system. Basically, the process you use to unlock your phone is the same one you use to sign into apps and websites. 

It is among the fundamental distinctions between passkeys and conventional passwords. All locations where Facebook is accessible accept your Facebook password. On the other hand, a passkey is bound to the machine where it was made. The passkey is far more secure than a password because you're not generating a universal password. 

The same security process can be employed to verify a QR code you scanned with your phone to log in on another device. There are no passwords used, thus nothing can be stolen or leaked. Because you must sign in with your phone in hand, you don't need to be afraid about a stranger across the nation using your password.

Device compatibility

Passkeys are still very new, but they already work with all the best phones and a majority of the best laptops. This is because the tech behemoths Microsoft, Google, Apple, and others collaborated to create them using the FIDO Alliance and W3C standards. 

Apple launched passkeys to the iPhone with the release of iOS 16 in the previous fall. Passkeys eliminates the need for a master password on its devices by using TouchID and FaceID for authentication. Here's how to set up passkeys on an iPhone, iPad, or Mac if you want to try them out for yourself. 

Your passkeys are stored and synchronised using the Google Password Manager if you have one of the top Android phones or an Android tablet. If you want to use passkeys with it, you must first enable screen lock on your Android device, as this stops people with access to your smartphone from utilising your passkeys.

In both Windows 10 and Windows 11, you can use Microsoft's Windows Hello to sign into your accounts using passkeys. Because your passkeys are linked to your Microsoft account, you may use them on any device as long as you're signed in.

Regarding your web browser, passkeys are currently supported by Chrome, Edge, Safari, and Firefox. For Chrome/Edge, you must be using version 79 or above, for Safari, version 13 or higher, and for Firefox, version 60 or higher.
Read more »
secure login
Biometric Authentication Cyber Security Digital Security encryption technology FIDO Alliance innovative authentication Passkeys password alternatives password-free future secure login

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

The passkeys, a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. Developed by the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others, the FIDO Alliance aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passkeys being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.
Read more »
WebAuthn standard
authentication methods Biometric data Cyber Security Identity verification login success rate Online Authentication Online Security Passkeys password strength Passwords user-friendly WebAuthn standard

Passkeys vs Passwords: The Future of Online Authentication

 

In the realm of online security, a shift is underway as passkeys gain traction among tech giants like Apple, Google, Microsoft, and Amazon. 

These innovative authentication methods offer a more seamless login experience and bolster cybersecurity against threats like malware and phishing. However, traditional passwords still hold their ground, allowing users to retain control over their security preferences.

A password is a unique combination of characters, including upper and lower case letters, numbers, and symbols, used to verify a user's identity. While originally designed to be memorized or manually recorded, they can now be securely stored online with tools like NordPass.

Passkeys, the technologically advanced successors to passwords, rely on PINs, swipe patterns, or biometric data (such as fingerprints or facial scans) for identity verification. They leverage the WebAuthn standard for public-key cryptography, generating a unique key pair on user devices, making them impervious to theft or forgetfulness.

Passkey vs Password: Security Comparison

Passkeys and passwords vary fundamentally in design, approach, and effectiveness in securing accounts. Here are some key distinctions:

Cybersecurity:

Passwords are susceptible to hacking, especially those with fewer than 10 characters. Passkeys, on the other hand, utilize biometric data and cryptographic methods, drastically reducing vulnerability. Only with access to the user's authenticator device and biometric information can a passkey be breached.

Convenience:

Creating, recalling, and managing complex passwords can be arduous and time-consuming, leading to 'password fatigue.' Passkeys, once set up, facilitate quick and seamless authentication, eliminating the need to remember multiple passwords.

Login Success Rate:

Passkeys have a significantly higher success rate compared to passwords. Recent data from Google revealed that while passwords succeed only 13.8% of the time, passkeys boasted a success rate of 63.8%.

Popularity:

Although passkeys are gaining traction, they are not yet universally supported. Familiarity with passwords and concerns over passkey error handling and biometric privacy contribute to their slower adoption.

The Evolution of Authentication

While passkeys represent a significant leap forward in security and user-friendliness, the demise of passwords is a gradual process. The established dominance of passwords, spanning over half a century, requires a patient transition. Behavioral habits and the need for technological refinement play pivotal roles in this shift.

Presently, passkey usage is seldom mandatory, allowing users to choose their preferred verification method. For sites exclusively supporting passwords, outsourcing password management is advisable, with various free tools available to assess password strength.

In conclusion, the future of online authentication is evolving towards passkeys, offering a more secure and user-friendly experience. However, the transition from passwords will be a gradual one, shaped by technological advancements and user behavior.
Read more »
User Security
Cyber Security Data Safety Passkeys Password Management User Security

Here's Why Passkeys is a Good Option to Safeguard Your Data

 

The future belongs to passkeys. Even though you may not be using them yet, the time is quickly approaching when we won't need to create or remember passwords and will only need to use our username and biometrics to log in. 

However, it's evident from recent discussions with people outside of the tech sector that most customers don't even comprehend passkeys, much less trust them to safeguard their sensitive information and identities.

A passkey, in its simplest form, is an encrypted identity system that is localised and frequently employs biometrics for authentication. When you log in again, the system that you created the passkey for will read your shared user ID and request authentication (the passkey). The biometric security system you now have on your computer or phone can then be used for authentication. This might be an iris scan, facial recognition, or fingerprint. 

The system you are login into or yours does not ask for a password at any point during this process. To put it more tactically, let's say you go to Gmail and type in your user ID. After the mail platform accepts the ID, it issues a challenge that your passkey must locally answer in order to return a signature. The system can now request the biometric authentication that you previously configured on your laptop or phone. This page explains how passkey registrations and logins work. 

All I've explained takes place in a matter of seconds and doesn't require you to remember your login information or even have access to a password manager. 

Passkeys are powered by cryptographic wizardry that is concealed and never forces you to think about it, even if the backend system that manages all of this is quite complex and much beyond the comprehension of most users.

It's interesting to note that some customers still don't trust this level of protection since they think their phones could be stolen and used to access their accounts. This is untrue since the perpetrator would still want your fingers, face, or eyes. Yes, there is always the awful chance that someone will steal those pieces, but it is a very slim one. 

In the IT sector, there is a general consensus that passwords constitute a weak security system. One strong master password may not be the only password manager that puts you at risk. It's possible that those passwords are no longer secure after some of them have been hacked. Additionally, you are once again at risk if the password that secures the system is compromised.

Clearly, it's not just customers. Industries, institutions, and industries are suffering as a result of frequent ransomware attacks. Many of them begin with social engineering emails and then move on to other things like installing keystroke sniffing software, which allows them to track users as they input their passwords and IDs. But what if you never input a password? The ransomware attack could be thwarted before it starts. There is no other logical solution except a passwordless system.
Read more »
WhatsApp security features
Biometric Authentication cryptographic keys Cyber Security Passkey Security Passkeys Passkeys authentication WhasApp WhatsApp security features

WhatsApp Announces Passkey Support for its Users


The modern digital landscape is witnessing an upsurge in cybercrime activities, and users can no longer rely on strong passwords to protect themselves. 

Thankfully, even on the best low-cost Android phones, biometric authentication is becoming mainstream and easily accessible. This has led to the adoption of passkeys for user authentication by a number of well-known social networking platforms and password manager apps. WhatsApp is the newest application to offer passkey support for all of its users after a month of beta testing. 

Passkeys replace conventional passwords with a unique cryptographic key pair, such that only the users can log in. Only after a successful biometric authentication, the key is made accessible to the respective users, negating the requirement for two-factor authentication techniques like OTP distribution through SMS and email. Passkeys shield users from the risks associated with password reuse and phishing attacks. Google disclosed the new technology supports more rapid user authentication after revealing support for passkey storage in its password manager.  

WhatsApp’s effort in adopting passkey technology came to light in early August. Also, beta testing on the same commenced in late September. 

Now, around a month later, WhatsApp announced support for passkeys was coming in the stable channel on X (formerly Twitter). The feature makes the login process significantly more secure by taking the place of the one-time password (OTP) sent via SMS. The app enables users to authenticate themselves using screen lock options, including their on-device fingerprint, face unlock, PIN, or swipe pattern. In the meantime, Google Password Manager automatically stores the cryptographic key. 

The login system, with no password requirement, turns out to be quite time-efficient for users when they are setting up WhatsApp on a new phone. Commendable enough, WhatsApp is also explaining to online users how passkeys work, in order to secure their accounts.  

Moreover, it is important for users to see the difference between passkeys for logging into WhatsApp and in-app features like WhatsApp chat lock, which still requires biometric authentication. Importantly, passkeys and passwords for traditional user authentication will both be available on WhatsApp.

However, WhatsApp has not yet clarified whether the feature will be made immediately accessible everywhere. Nonetheless, Passkey support, like every other major WhatsApp feature, is anticipated to be implemented gradually in the stable channel. But it is still great to see WhatsApp reiterate its dedication to user security and privacy with features like this.  

Read more »
Password Security
Cyber Security data security FIDO Passkeys Password Security

Passkeys: Your Safe Vault for Data Security


Passwords need to be fixed. They're difficult to remember and simple to guess, and protecting them from threat actors is a hassle. To take care of this issue, the Fast Identity Online Alliance (FIDO) created passkeys, a type of passwordless authentication tech. Passkeys take out the need to enter your email address or secret key into login handles around the web, making it harder for threat actors to take your credentials and get into your data.

What is a Passkey?

A passkey is a way of signing in to applications and sites without using a username and secret word mix. It's a couple of cryptography keys created by your gadget. Public and confidential keys squeeze to make a passkey that opens your record. Applications or sites store your unique public key. Your confidential key is just put away on your device, and after your device authenticates your identity, the two keys join to allow you to log in to your record.

Advantages of Passkeys

Passkeys have a lot of advantages; for instance, they can't be assumed or shared. Passkeys are safe from phishing attempts since they're unknown to the destinations they're made for, so they won't chip away at fake carbon copy locations. In particular, if your info is ever leaked, your passkeys can't be taken by hacking into an organization's server or data set, making the information taken out in such hacks less important to threat actors

The most effective method to Get Passkeys

Passkeys are one of a kind to each application or site and are put away in a secret phrase director's vault or your device’s keychain. Normally, the device or programming producing the passkeys uses a biometric verification instrument, like FaceID or TouchID, to confirm your identity. On the off chance that a secret hint is the passkey source, you can sign in to the application using areas of strength for a secret word rather than biometric verification.

Passkeys: Where can we use them?

Many websites, including Best Buy, eBay, Google, Kayak, and PayPal, support passkeys. 1Password, a password management company, has a community site where users may report websites that allow passkey logins. Some of the sites on that list still require a standard username and password for initial account creation and logins, such as Adobe.com, but you can set up a passkey to use for future logins by accessing the Settings menu.


Read more »
Subscribe to: Posts (Atom)