Navigator
Facebook
Search
Ads & Recent Photos
Recent Images
Random images
Welcome To Roj Bash Kurdistan 

Passkeys: What They Are and Why You Need Them

Share information about Computer , Internet, Websites ,Programming and other new technologies

Passkeys: What They Are and Why You Need Them

PostAuthor: Anthea » Mon Oct 28, 2024 4:08 pm

Passkeys: What They Are
    Why You Need Them
Passwords, they’re somehow both easily guessable and hard to remember, and keeping them out of the hands of criminals is tough. To solve that problem, the Fast Identity Online (FIDO) Alliance developed passkeys, a different authentication technology. Passkeys eliminate the need to enter your email address or password into login fields around the web

Passkeys have plenty of benefits; for example, they cannot be guessed or shared. Also, passkeys resist some phishing attempts because they're unique to the sites they're created for, so they won't work on fraudulent lookalikes. Most importantly, in the age of near-constant data breaches, your passkeys cannot be stolen by hacking into a company's server or database, making the stolen data far less valuable to criminals.

You can use passkeys on various apps and websites now, but what are they? Should you use them? Are they really more secure than traditional login credentials? Let's talk about it.

What Is a Passkey?

A passkey is a way to log in to apps and websites without using a username and password combination. It's a pair of cryptography keys generated by your device. A public key and a private key combine to create a passkey that unlocks your account.

Apps or websites store your unique public key. Your private key is only stored on your device. After your device authenticates your identity, the two keys combine to grant you access to your account. Our guide to setting up and using passkeys tells you how to put this into practice.

Usually, the device or software generating the passkeys uses a biometric authentication tool, such as FaceID or TouchID, to authenticate your identity. If a password manager is the passkey source, you can log in to the app using a strong master password instead of biometric authentication.

Passkeys are unique to each app or website and stored in a password manager's vault or your device's keychain. Passkeys can also sync across devices, making them a convenient choice.

Where Can You Use Passkeys?

You can use passkeys to log in to many websites, including Best Buy, eBay, Google, Kayak, and PayPal. Password management company 1Password maintains a community site where users can report websites that accept logins using passkeys. Currently, some of the sites on that list still require a traditional username and password for initial account creation, but you can set up a passkey to use for future logins by visiting the Settings menu.

It's encouraging that major apps and companies are adopting passkeys so swiftly, but it may take time for websites owned by individuals or small companies to catch up. Some sites don't even support multi-factor authentication yet, so we may have to wait a while for the newest FIDO security standards to completely eliminate passwords3.

Are Passkeys Really More Secure Than Passwords?

"You have passkeys? That's fantastic. But there are things that criminals are going to do that are going to circumvent these kind of protections and we need to talk about how we can overcome that."

Allowing users to login using a passkey isn't the only update website owners need to ensure website security. In 2024, I spoke with Trevor Hilligoss, a security researcher and vice president of SpyCloud Labs at SpyCloud.

Hilligoss told me that widespread passkey adoption is "fantastic," but website owners must also fix other security holes. He noted that criminals can easily get around a passkey by stealing users' validated browser cookies using malware.

"You can use a passkey, you can use a password manager, you can use 'yourdog'sname2023', whatever. It doesn't really matter because authentication has already happened by using that cookie," Hilligoss said.

"Criminals are emulating an already authenticated session. So from the perspective of the website, it just sees that it's a valid cookie."

Hilligoss said that once a website, like your email service, validates the cookie, the criminal doesn't need to log in using your credentials or authenticate their identity. The validated cookie, which lasts on a person's browser until it expires over a period of seconds or years, allows criminals to enter your accounts undetected and steal your data or money.

The onus is on website owners to find a solution for cookie hijacking. Hilligoss told me that the rest of us can protect ourselves from the cookie hijacking threat by using passkeys or strong and unique passwords wherever we can. He also said that some websites allow users to choose when their session tokens expire.

You know the data privacy pop-up screens? Don't immediately tap "Accept." Instead, navigate to the "Cookies" or "User Data" sections and choose the shortest available session duration. That way your cookies will expire automatically or whenever you close your browser window.

How Can I Keep Track of My Passkeys?

Many of the password managers I've reviewed for PCMag, such as Editors’ Choice award winners Bitwarden and NordPass, can store and create passkeys for you. A password manager makes it easy to access both your old credentials and new passkeys when you log in.

If you don't use a password manager, it's not too late to start. Android and iOS users can store passkeys using the built-in Apple Passwords app or Google Password Manager, and all of our favorites are in this roundup of the best password managers for each type of user.

https://www.pcmag.com/explainers/passwo ... ed-it-asap
Good Thoughts Good Words Good Deeds
User avatar
Anthea
Shaswar
Shaswar
Donator
Donator
 
Posts: 29284
Images: 1155
Joined: Thu Oct 18, 2012 2:13 pm
Location: Sitting in front of computer
Highscores: 3
Arcade winning challenges: 6
Has thanked: 6019 times
Been thanked: 729 times
Nationality: Kurd by heart

Passkeys: What They Are and Why You Need Them

Sponsor

Sponsor
 

Return to Computer & Technology

Who is online

Registered users: Bing [Bot], Google [Bot]

x

#{title}

#{text}