Understanding Passkeys and Their Everyday Use

 


Digital security has long relied on traditional passwords, but more advanced methods of authentication are now challenging them. With billions of compromised login credentials circulating on the dark web (Digital Shadows researchers have recently identified over 6.7 billion unique username and password combinations), consumers face a mounting risk of password reuse and account theft.

Technology giants Microsoft, Google, and Apple recognise these vulnerabilities and are actively transitioning towards passwordless authentication, a model aimed at eliminating the inherent weaknesses of conventional log-in mechanisms. The FIDO (Fast IDentity Online) Alliance is a leading international organisation that develops open standards and encourages collaboration among industry leaders in order to create secure, user-friendly alternatives to passwords.

As this movement grows, passwordless authentication is no longer an abstract concept but an emerging reality that will shape the future of trust and online safety in the digital age. A variety of solutions have been developed over the years to solve the problems with passwords, but none has fully resolved them.

Password managers, for instance, provide a practical solution for generating strong credentials, storing them securely, and automating the entry of those credentials into legitimate websites, all at the same time. There is some benefit to this approach; however, it also creates a new dependency on the password manager itself, which makes it a centralised point of failure. 

Two-factor authentication (2FA) has strengthened security by adding requirements such as biometric verification or one-time codes. But as long as users and service providers continue to transmit sensitive credentials between them, these methods remain exposed to vulnerabilities, including interception and man-in-the-middle attacks, which have the potential to compromise the security of the service.

Passkeys are emerging as a viable alternative that addresses these limitations, with influential organisations such as the FIDO Alliance and the World Wide Web Consortium (W3C) promoting their use. Unlike traditional login methods, a passkey is based on advanced cryptographic principles that provide seamless authentication that is not susceptible to phishing and credential reuse.

In addition to reducing the burden of password management, their design aligns with the broader transition toward a digital economy based on a secure, internet-native financial infrastructure. A passkey system is so similar to the cryptographic mechanisms underpinning the Bitcoin network that those who are familiar with digital keys in cryptocurrency can understand intuitively how it works.

Passkeys represent a significant departure from the traditional reliance on complex passwords, providing a more convenient and safer way of identifying a user. Passkeys do not require users to memorise or share sensitive credentials; instead, they rely on cryptographic technology that authenticates users through trusted devices, like smartphones.

Consequently, logging into services such as Google accounts can be done using a current phone without having to enter a password or username, since you simply need to approve access. A passkey, according to Andrew Shikiar, CEO of the FIDO Alliance, is a security solution that will replace both traditional passwords and outdated two-factor authentication methods. 

Passkeys are a rare advancement in cybersecurity in that they improve usability while simultaneously raising security standards. In terms of security, passkeys have a significant advantage over traditional passwords, which function as “shared secrets”: the information is stored on a server and sent across networks, a situation that attackers tend to exploit regularly.

Passkeys avoid this risk by utilising public key cryptography, which ensures the private element of the credential remains within the user's device. When passkeys are enabled for a user account, two keys are generated: a public key, which is stored on the service, and a private key, which is stored in the user's authenticator, which may be a smartphone or password manager. Access is granted without having to exchange secrets, which minimises the risk of intrusion.


Because the WebAuthn API is now widely supported across all modern browsers and operating systems, passkeys make the process of granting access easy: a user needs only to verify their identity with a fingerprint, face scan, or device PIN. Passkeys can be used on a single device, stored on hardware like YubiKeys, or synced across multiple devices using password managers, offering users both security and convenience.

Although passkey adoption is accelerating, the transition has been uneven. Many tech giants like Microsoft, Google, Apple, Amazon, and Adobe have implemented support for passkeys; however, many websites and applications still lag behind. Several directories attempt to collect information regarding passkeys, such as those from 1Password, Hanko, and OwnID, but they remain incomplete.

A more reliable resource is the nonprofit 2factorauth, which is based in Sweden, hosted on GitHub, and managed by its community, which regularly updates and categorises all kinds of resources. Experts warn, however, that full adoption will be a slow process, as it takes global coordination across devices, operating systems, and platforms to move beyond a decades-old password system. In spite of this, there is clearly a strong movement towards integrating passkeys into critical services.

Specialists recommend that, at the very least, you enable passkeys for those accounts that serve as digital gateways - such as Google or Facebook sign-ons - while remembering that no solution is completely impervious. Even though passkeys “secure the front door,” Shikiar notes that organisations must enhance their overall identity journeys, from onboarding and recovery to session management, to provide a comprehensive level of protection. 

The digital ecosystem is moving in the direction of passwordless authentication, and passkeys seem to be one of the most promising developments in the effort to strengthen online security while simplifying user experiences. It is only through consistent adoption and user awareness, however, that this technology can reach its full potential. This shift presents individuals with the opportunity to take proactive action toward their own security: enabling passkeys on essential accounts, keeping software and devices up to date, and knowing how authenticators work are all crucial.

To ensure successful adoption, organisations must build resilient identity frameworks, maintain transparent communication, and implement robust account recovery strategies in addition to enabling support. If scaled, the benefits clearly go well beyond convenience: reducing the dependence on centralised databases, limiting the theft of credentials, and setting up a foundation of digital trust to help businesses innovate into the future.

Passkeys are not simply a way of safeguarding your login credentials; they also serve as an overarching security model that reflects the realities of a connected, data-driven world in which the protection of one's identity cannot be taken for granted and is a necessity rather than an option.

Microsoft Phases Out Password Autofill in Authenticator App, Urges Move to Passkeys for Stronger Security

 

Microsoft is ushering in major changes to how users secure their accounts, declaring that “the password era is ending” and warning that “bad actors know it” and are “desperately accelerating password-related attacks while they still can.”

These updates, rolling out immediately, impact the Microsoft Authenticator app. Previously, the app let users securely store and autofill passwords on apps and websites they visit on their phones. However, starting this month, “you will not be able to use autofill with Authenticator.”

A more significant shift is just weeks away. “From August,” Microsoft cautions, “your saved passwords will no longer be accessible in Authenticator.” Users have until August 2025 to transfer their stored passwords elsewhere, or risk losing access altogether. As the company emphasized, “any generated passwords not saved will be deleted.”

These moves are part of Microsoft’s broader initiative to phase out traditional passwords in favor of passkeys. The tech giant, alongside Google and other industry leaders, points out that passwords represent a major security vulnerability. Despite common safeguards like two-factor authentication (2FA), account credentials can still be intercepted or compromised.

Passkeys, by contrast, bind account access to device-level security, requiring biometrics or a PIN to log in. This means there’s no password to steal, phish, or share. The FIDO Alliance explains: “passkeys are phishing resistant and secure by design. They inherently help reduce attacks from cybercriminals such as phishing, credential stuffing, and other remote attacks. With passkeys there are no passwords to steal and there is no sign-in data that can be used to perpetuate attacks.”

For users currently relying on Authenticator’s password storage, Microsoft advises moving credentials to the Edge browser or exporting them to another password manager. But more importantly, this is a chance to upgrade your key accounts to passkeys.

Authenticator will continue to support passkeys going forward. Microsoft advises: “If you have set up Passkeys for your Microsoft Account, ensure that Authenticator remains enabled as your Passkey Provider. Disabling Authenticator will disable your passkeys.”

Many Internet Users Suffer Account Breaches Due to Weak Passwords, Study Finds

 



A recent study has shown that more than one in three people have had at least one of their online accounts broken into during the past year. The main reason? Poor or stolen passwords.

The report comes from the FIDO Alliance, a group that focuses on improving online safety. Their findings reveal that passwords are still a major weak spot in keeping digital accounts secure.


People Struggle with Passwords

The research found that 36% of people had their accounts hacked because their passwords were either easy to crack or already leaked online. Many users still rely on passwords that are short, simple, or reused across different accounts. These habits make it easier for cybercriminals to gain access.

Forgetting passwords is another common issue. Nearly half of the participants said they gave up making a purchase online because they couldn’t remember their password.


What Are Passkeys and Why Are They Safer?

To fix the problem with passwords, many websites and apps are now supporting a new method called passkeys. These don’t require typing anything in. Instead, you can log in using your fingerprint, face scan, or a PIN stored on your device.

This system is safer because the login details never leave your phone or computer, and they don’t work on fake websites. This means scammers can’t trick people into handing over their login details like they do with traditional passwords.
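The two properties in this paragraph, together with the public/private key split described in the first post above, can be seen in a small model. This is an added example, not code from the blog or the FIDO Alliance: it is a simplified sketch rather than the real WebAuthn message format, and the function names and both origins are constructed for illustration.

```javascript
// Added illustration: simplified model of a passkey sign-in, not the WebAuthn wire format.
// All function names and both origins are constructed for this example.
const nodeCrypto = require("node:crypto");

// Registration: the authenticator creates the key pair; the service receives only the public key.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return { authenticator: { privateKey }, serverRecord: { publicKey } };
}

// Service: a fresh random challenge for every sign-in attempt.
const newChallenge = () => nodeCrypto.randomBytes(32).toString("base64url");

// Authenticator: sign the challenge together with the origin the browser is actually on.
function signIn(authenticator, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign(null, Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature };
}

// Service: check the signature with the stored public key, then the challenge and origin.
function verifySignIn(serverRecord, expectedChallenge, expectedOrigin, response) {
  const data = Buffer.from(response.clientData);
  if (!nodeCrypto.verify(null, data, serverRecord.publicKey, response.signature)) {
    return "bad-signature";
  }
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return "stale-challenge";
  if (origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

function demo() {
  const SITE = "https://accounts.example";           // constructed genuine origin
  const LOOKALIKE = "https://accounts-example.test"; // constructed look-alike origin
  const { authenticator, serverRecord } = register();
  const other = register().authenticator;            // a key the service never enrolled
  const c1 = newChallenge(), c2 = newChallenge(), c3 = newChallenge(), c4 = newChallenge();
  return {
    genuine: verifySignIn(serverRecord, c1, SITE, signIn(authenticator, c1, SITE)),
    // Response produced while the browser was on the look-alike page, then relayed.
    relayed: verifySignIn(serverRecord, c2, SITE, signIn(authenticator, c2, LOOKALIKE)),
    // An old response (for c1) presented against a new challenge.
    replayed: verifySignIn(serverRecord, c3, SITE, signIn(authenticator, c1, SITE)),
    // Knowing only the stored public key does not let anyone sign.
    forged: verifySignIn(serverRecord, c4, SITE, signIn(other, c4, SITE)),
  };
}

console.log(demo());
```

The service never holds anything that can be replayed as a credential: it stores a public key and checks a one-time signature that is tied to both the challenge and the site the browser was on.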

According to the study, most people are now aware of this new method. Around 69% have already used passkeys on at least one of their accounts, and over a third said they’ve switched entirely to using them wherever possible.


Big Tech Companies Back Passkeys

On May 2, Microsoft said it is now letting all of its users log in with passkeys instead of passwords. The company admitted that passwords simply aren’t strong enough to protect people’s accounts, even if they’re long or frequently updated.

Microsoft users can now sign in using face ID, fingerprint, or PIN on devices from Windows, Apple, or Google.


Moving Away from Passwords Altogether

To raise awareness, FIDO has renamed its annual event “World Passkey Day.” The goal is to encourage companies and users to stop relying on passwords and start using safer login tools.

As part of the event, FIDO launched a pledge for businesses that want to commit to using passkeys. More than 100 organizations have already joined in.

FIDO’s leader, Andrew Shikiar, said the shift to better login methods is necessary. He explained that years of account hacks and data leaks have shown that traditional passwords no longer offer the protection we need in a digital world.

The study surveyed 1,389 adults from the US, UK, Japan, South Korea, and China.

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

Passkeys are a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. Developed by the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others, the FIDO Alliance aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passwords being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.