
Passkeys: The Future of Secure and Seamless Online Authentication

Passwords have been a cornerstone of digital security for decades, but managing them has grown increasingly complex. Even with the help of password managers, users face the challenge of creating and remembering countless unique, complex passwords. The days of reusing simple combinations like "p455w0rd123" are long gone, as cyber threats continue to evolve. In response, the tech industry is embracing a more secure and user-friendly solution: passkeys.

What Are Passkeys?

Passkeys are a modern, passwordless authentication method designed to simplify and strengthen online security. Introduced by Apple in 2022 and widely supported by tech giants like Google, Microsoft, and the FIDO Alliance, passkeys use public-key cryptography for secure logins. Each passkey consists of a pair of cryptographic keys:
  • Public Key: Stored with the website or app you're logging into.
  • Private Key: Securely stored on your device and never shared with external services.

This lets users authenticate with biometrics (such as facial recognition or a fingerprint) or a device PIN, eliminating the need for traditional passwords and providing a more seamless, secure login experience.

How Passkeys Improve Security and Convenience

Passkeys offer numerous advantages over traditional password-based systems:
  • Enhanced Security: Since the private key never leaves your device and biometric data is not shared with apps or websites, the risk of data breaches and credential theft is drastically reduced.
  • Phishing Protection: Passkeys are immune to phishing attacks because nothing is typed during authentication that could be intercepted.
  • Cross-Device Accessibility: Users can authenticate on new devices without manually syncing credentials. For example, logging into a Google account on a laptop is possible if a smartphone with the passkey is nearby, thanks to Bluetooth-based proximity authentication. A new passkey can also be generated directly on the new device without transferring the original key.
  • No Need for Password Syncing: Passkeys eliminate the hassle of syncing passwords across devices, offering a unified and straightforward login process.

System Requirements for Passkey Usage

To start using passkeys, devices and software must meet certain requirements:
  • Operating Systems: Windows 10 or later, macOS Ventura or later, and ChromeOS 109 or newer.
  • Mobile Devices: iOS 16+, iPadOS 16+, or Android 9+.
  • Supported Browsers: Google Chrome 109+, Safari 16+, or Microsoft Edge 109+.
Passkeys are now widely supported across desktop and mobile platforms, with adoption rates averaging around 85%, reflecting strong industry momentum toward passwordless security.

Expanding Adoption of Passkeys

Many prominent websites and applications have integrated passkey support, marking a shift toward mainstream adoption. Notable platforms include:
  • Google: Offers passkey login options across its services.
  • PayPal: Allows secure, password-free payments using passkeys.
  • TikTok and eBay: Support passkey authentication for improved account security.
  • Microsoft: Launched passkey support for consumer accounts on World Password Day 2024, with plans to expand across mobile applications.
For a comprehensive list of passkey-compatible services, users can visit passkeys.io.

A New Era of Digital Security

The shift from traditional passwords to passkeys marks a significant advancement in cybersecurity. By combining ease of use with robust protection, passkeys promise a future where users no longer need to juggle complex passwords. Instead, they can enjoy a safer, faster, and more intuitive way to access their digital lives.

As technology continues to evolve, passkeys stand out as a critical innovation that could redefine how we secure our online identities—offering both peace of mind and convenience in an increasingly digital world.

Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself

This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO and Co-founder at Keeper Security.

He further added, "It is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious, incorrect URL. The important thing is to make sure the URL matches the authentic website. When a password manager is used, it detects when the URL of a site does not match what is in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.

Improve your password habits by doing the following:
  • Do not use easy-to-guess character combinations.
  • Do not reuse the same password across multiple accounts, and do not include personal information.
  • Avoid keystroke patterns and short passwords.
  • Avoid repeated letters or numbers as a password.
  • Use long combinations of letters, symbols, and numbers instead.
  • Create a memorable phrase, called a passphrase, by randomly replacing certain letters with numbers or symbols.
  • Create mnemonic passwords, for example based on significant events.
Implementing a secure password manager is the best way for online users to secure their passwords. Individuals can use an effective password manager to generate random character combinations for their passwords and save them in a password vault. Users no longer need to write passwords down or memorize them, habits that make them more vulnerable to breaches.

A password manager built on zero trust and zero knowledge creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data is encrypted ciphertext, which means it cannot be accessed or read by a human or machine.

Another Top Password Manager is Doing Away with Passwords

The open-source password manager Bitwarden has announced that it has gone passwordless to ease and accelerate users' access to their Bitwarden vaults. Bitwarden is a highly secure, open-source password manager that offers a wide range of features and extras at a low price.

Also, Bitwarden is a zero-knowledge password manager, which means no one from the company can access or view the information you store in your Bitwarden vault at any time. 

The security tools offered by Bitwarden are on par with what users would expect from a premium password manager, including strong encryption, two-factor authentication (2FA), password security auditing, password breach monitoring, and options to host it either on a cloud service or locally. It is also equipped with a unique Send feature, which allows you to securely send sensitive information and files to non-Bitwarden users while remaining private. 

Bitwarden lets you keep unlimited passwords across unlimited devices, and it is one of the few password managers that allows this even on its free plan. This makes it a wise choice for anyone trying to manage their passwords.

Bitwarden explained in a press release that the update to its device authentication mechanism allows users to approve a login with their mobile device. This is done through a public/private key exchange between the web vault and a recognized, authorized device, and it is designed to help prevent fraud and identity theft.

Password-less Bitwarden

Bitwarden is a member of the FIDO Alliance, one of many companies working through the Alliance to improve the security of passwordless logins as part of this move. The system is designed to keep phishing and hacking scams to a minimum.

A recent in-house survey conducted by Bitwarden is supportive of Bitwarden's commitment to the Alliance. According to the study, "nearly half of companies plan to deploy passwordless technologies shortly," with security being a key driver behind the move. 

According to 1Password, a password management software program, almost half of employees share passwords, putting their secure credentials at risk. The decision to make logins more personal and to move away from password-reliant systems may be the welcome news that many organizations have been waiting for.

DuckDuckGo is thrilled to announce that Bitwarden has been selected as the "first external password manager solution" to be integrated into Apple's next-generation Safari browser on macOS devices, continuing the work it has been doing to ensure that users' privacy remains protected.

Passwordless logins are becoming increasingly popular since Apple and Google showcased them at events in the past two years. Consumer interest in them has grown, but few companies have added support for them. PayPal, one of the most popular online payment systems, is now offering the updated type of authentication on its website and app. 

BHUSA: Windows Hello Passwordless Bypass Disclosed

 

Passwords are usually a weak spot in security, which is why alternatives like Windows Hello, which offers a passwordless approach to authentication, are gaining popularity. While Windows Hello promises a more protected experience than conventional passwords, it is a method that has been shown to be circumventable.

Speaking at Black Hat USA on August 5, Omer Tsarfati, a security researcher at CyberArk, described a complete attack chain he used to circumvent Windows Hello. The problems with regular passwords, according to Tsarfati, are well understood: they are frequently weak and readily cracked, they are vulnerable to phishing, and many users reuse them across different sites.

The central point behind passwordless is that instead of using a password, another kind of authentication technology is used to log on to a system. Biometrics, such as fingerprint scanning or face recognition, can be used in passwordless methods. 

Windows Hello is Microsoft's version of a passwordless approach, which launched in Windows 10. Users may utilize face recognition to get access to a system, among other things, with Windows Hello. 

Tsarfati determined that he would need a separate camera to work out how to get around Windows Hello's face recognition. To that end, he purchased an NXP evaluation board, which connects to a Windows PC over USB and provides camera capability.

Tsarfati's objective was to have the USB device replicate what a genuine Windows system camera would offer to Windows Hello in order to discover what the system is actually processing as it decides whether or not to grant access. 

He found that Windows Hello requires cameras to have an infrared (IR) sensor. For Windows Hello to work, the camera must be capable of transmitting both a color image and IR frames.

"Windows Hello doesn't really pay attention to anything that you're sending in the color frames. It's only relying on the infrared, I sent frames of SpongeBob and it worked," Tsarfati stated. 

An attacker would just need a customized USB device that imitates a camera to bypass Windows Hello. That USB gadget would then have to be capable of transmitting an infrared picture, which could be acquired from a victim. 

Tsarfati did not go into considerable detail about how a would-be attacker would go about capturing an IR image from a victim, but he did demonstrate the Windows Hello bypass using his own IR image.

The vulnerability was officially recognized as CVE-2021-34466, which Microsoft patched in July after Tsarfati and CyberArk responsibly revealed it to Microsoft in March of this year.