Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Passkeys. Show all posts
Windows
Apple Google Internet Microsoft Passkeys Passwords Technology Windows

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch Passwords, Use Passkeys to Secure Your Account

Ditch passwords, use passkeys

Microsoft and Google users, in particular, have been warned about ditching passwords for passkeys. Passwords are easy to steal and can unlock your digital life. Microsoft has been at the forefront, confirming it will delete passwords for more than a billion users. Google, too, has warned that most of its users will have to add passkeys to their accounts. 

What are passkeys?

Instead of a username and password, passkeys use our device security to log into our account. This means that there is no password to hack and no two-factor authentication codes to bypass, making it phishing-resistant.

At the same time, the Okta team warned that it found threat actors exploiting v0, an advanced GenAI tool made by Vercelopens, to create phishing websites that mimic real sign-in webpages

Okta warns users to not use passwords

A video shows how this works, raising concerns about users still using passwords to sign into their accounts, even when backed by multi-factor authentication, and “especially if that 2FA is nothing better than SMS, which is now little better than nothing at all,” according to Forbes. 

According to Okta, “This signals a new evolution in the weaponization of GenAI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts. The technology is being used to build replicas of the legitimate sign-in pages of multiple brands, including an Okta customer.”

Why are passwords not safe?

It is shocking how easy a login webpage can be mimicked. Users should not be surprised that today’s cyber criminals are exploiting and weaponizing GenAI features to advance and streamline their phishing attacks. AI in the wrong hands can have massive repercussions for the cybersecurity industry.

According to Forbes, “Gone are the days of clumsy imagery and texts and fake sign-in pages that can be detected in an instant. These latest attacks need a technical solution.”

Users are advised to add passkeys to their accounts if available and stop using passwords when signing in to their accounts. Users should also ensure that if they use passwords, they should be long and unique, and not backed up by SMS 2-factor authentication. 

Read more »
two-factor authentication
FIDO Alliance Microsoft Authenticator app online security updates Passkeys password autofill ending Technology two-factor authentication

Microsoft Phases Out Password Autofill in Authenticator App, Urges Move to Passkeys for Stronger Security

 

Microsoft is ushering in major changes to how users secure their accounts, declaring that “the password era is ending” and warning that “bad actors know it” and are “desperately accelerating password-related attacks while they still can.”

These updates, rolling out immediately, impact the Microsoft Authenticator app. Previously, the app let users securely store and autofill passwords on apps and websites you visit on your phone. However, starting this month, “you will not be able to use autofill with Authenticator.”

A more significant shift is just weeks away. “From August,” Microsoft cautions, “your saved passwords will no longer be accessible in Authenticator.” Users have until August 2025 to transfer their stored passwords elsewhere, or risk losing access altogether. As the company emphasized, “any generated passwords not saved will be deleted.”

These moves are part of Microsoft’s broader initiative to phase out traditional passwords in favor of passkeys. The tech giant, alongside Google and other industry leaders, points out that passwords represent a major security vulnerability. Despite common safeguards like two-factor authentication (2FA), account credentials can still be intercepted or compromised.

Passkeys, by contrast, bind account access to device-level security, requiring biometrics or a PIN to log in. This means there’s no password to steal, phish, or share. The FIDO Alliance explains: “passkeys are phishing resistant and secure by design. They inherently help reduce attacks from cybercriminals such as phishing, credential stuffing, and other remote attacks. With passkeys there are no passwords to steal and there is no sign-in data that can be used to perpetuate attacks.”

For users currently relying on Authenticator’s password storage, Microsoft advises moving credentials to the Edge browser or exporting them to another password manager. But more importantly, this is a chance to upgrade your key accounts to passkeys.

Authenticator will continue to support passkeys going forward. Microsoft advises: “If you have set up Passkeys for your Microsoft Account, ensure that Authenticator remains enabled as your Passkey Provider. Disabling Authenticator will disable your passkeys.”
Read more »
Website
MFA Passkeys Privacy Security Codes Website

Think Twice Before Using Text Messages for Security Codes — Here’s a Safer Way

 



In today’s digital world, many of us protect our online accounts using two-step verification. This process, known as multi-factor authentication (MFA), usually requires a password and an extra code, often sent via SMS, to log in. It adds an extra layer of protection, but there’s a growing concern: receiving these codes through text messages might not be as secure as we think.


Why Text Messages Aren’t the Safest Option

When you get a code on your phone, you might assume it’s sent directly by the company you’re logging into—whether it’s your bank, email, or social media. In reality, these codes are often delivered by external service providers hired by big tech firms. Some of these third-party firms have been connected to surveillance operations and data breaches, raising serious concerns about privacy and security.

Worse, these companies operate with little public transparency. Several investigative reports have highlighted how this lack of oversight puts user information at risk. Additionally, government agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have warned people not to rely on SMS for authentication. Text messages are not encrypted, which means hackers who gain access to a telecom network can intercept them easily.


What Should You Do Instead?

Don’t ditch multi-factor authentication altogether. It’s still a critical defense against account hijacking. But you should consider switching to a more secure method—such as using an authenticator app.


How Authenticator Apps Work

Authenticator apps are programs installed on your smartphone or computer. They generate temporary codes for your accounts that refresh every 30 seconds. Because these codes live inside your device and aren’t sent over the internet or phone networks, they’re far more difficult for criminals to intercept.

Apps like Google Authenticator, Microsoft Authenticator, LastPass, and even Apple’s built-in password tools provide this functionality. Most major platforms now allow you to connect an authenticator app instead of relying on SMS.


Want Even Better Protection? Try Passkeys

If you want the most secure login method available today, look into passkeys. These are a newer, password-free login option developed by a group of leading tech companies. Instead of typing in a password or code, you unlock your account using your face, fingerprint, or device PIN.

Here’s how it works: your device stores a private key, while the website keeps the matching public key. Only when these two keys match—and you prove your identity through a biometric scan — are you allowed to log in. Because there are no codes or passwords involved, there’s nothing for hackers to steal or intercept.

Passkeys are also backed up to your cloud account, so if you lose your device, you can still regain access securely.


Multi-factor authentication is essential—but how you receive your codes matters. Avoid text messages when possible. Opt for an authenticator app, or better yet, move to passkeys where available. Taking this step could be the difference between keeping your data safe or leaving it vulnerable.

Read more »
VPN for public Wi-Fi
AI Privacy cybersecurity tips Incogni data removal Passkeys Password Manager Protect Personal Data Technology two-factor authentication VPN for public Wi-Fi

Digital Safety 101: Essential Cybersecurity Tips for Everyday Internet Users

 9to5Mac is brought to you by Incogni: a service that helps you wipe your personal data—including your phone number, address, and email—from data brokers and people-search websites. With a 30-day money-back guarantee, Incogni offers peace of mind for anyone looking to guard their privacy.


1. Use a Password Manager

The old advice to create strong, unique passwords for each website still holds true—but is only realistic if you use a password manager. Fortunately, Apple’s built-in Passwords app makes this easy, and there are many third-party options too. Use these tools to generate and save complex passwords every time you sign up for a new service.

2. Update Old Passwords

Accounts created years ago may still have weak or repeated passwords. This makes you vulnerable to credential stuffing attacks—where hackers use stolen logins from one site to access others. Prioritize updating your passwords for financial services, Apple, Google, Amazon, and any accounts that have already been compromised. To check this, enter your email on Have I Been Pwned.

3. Enable Passkeys Where Available

Passkeys are becoming the modern alternative to passwords. Instead of storing a traditional password, your device uses Face ID or Touch ID to verify your identity, and only sends confirmation of that identity to the site—never the actual password. This reduces the risk of your credentials being hacked or stolen.

4. Use Two-Factor Authentication (2FA)

2FA provides an added layer of security by requiring a rolling code each time you log in. Avoid SMS-based 2FA—it's prone to SIM-swap attacks. Instead, opt for an authenticator app like Google Authenticator or use the built-in support in Apple’s Passwords app. Set this up using the QR code provided by the service.

5. Monitor Last Login Activity

Some platforms, especially banking apps, show the date and time of your last login. Get into the habit of checking this regularly. Unexpected logins are an immediate red flag and could signal that your account has been compromised.

6. Use a VPN on Public Wi-Fi

Public Wi-Fi networks can be unsafe and vulnerable to “Man-in-the-Middle” (MitM) attacks. These involve a rogue device impersonating a Wi-Fi hotspot to intercept your internet traffic. While HTTPS reduces the risk, using a VPN is still the best protection. Choose a trusted provider that maintains a no-logs policy and undergoes third-party audits. “I use NordVPN for this reason.”

7. Don’t Share Personal Info With AI Chatbots

Conversations with AI chatbots may be stored or used as training data. Avoid typing anything sensitive, such as passwords, addresses, or identification numbers—just as you wouldn’t post them publicly online.

8. Consider Data Removal Services

Your personal information may already be listed with data brokers, exposing you to spam and scams. Manually removing this data can be tedious, but services like Incogni can automate the process and reduce your digital footprint efficiently.

9. Verify Any Request for Money

If someone asks for money—even if it looks like a friend, family member, or colleague—double-check their identity using a separate communication method.

“If they emailed you, phone them. If they phoned you, email or message them.”

Also, if you're asked to send gift cards or wire money, it's almost always a scam. Be especially cautious if you're told a bank account has changed—confirm directly before transferring funds.
Read more »
Technology
Authentication Cybersecurity Digital Identity Encryption Passkeys Passwordless Technology

Hawcx Aims to Solve Passkey Challenges with Passwordless Authentication

 


Passwords remain a staple of online security, despite their vulnerabilities. According to Verizon, nearly one-third of all reported data breaches in the past decade resulted from stolen credentials, including some of the largest cyberattacks in history.  

In response, the tech industry has championed passkeys as a superior alternative to passwords. Over 15 billion accounts now support passkey technology, with major companies such as Amazon, Apple, Google, and Microsoft driving adoption.

However, widespread adoption remains sluggish due to concerns about portability and usability. Many users find passkeys cumbersome, particularly when managing access across multiple devices.

Cybersecurity startup Hawcx is addressing these passkey limitations with its innovative authentication technology. By eliminating key storage and transmission issues, Hawcx enhances security while improving usability.

Users often struggle with passkey setup and access across devices, leading to account lockouts and costly recovery—a significant challenge for businesses. As Dan Goodin of Ars Technica highlights, while passkeys offer enhanced security, their complexity can introduce operational inefficiencies at scale.

Hawcx, founded in 2023 by Riya Shanmugam (formerly of Adobe, Google, and New Relic), along with Selva Kumaraswamy and Ravi Ramaraju, offers a platform-agnostic solution. Developers can integrate its passwordless authentication by adding just five lines of code.

Unlike traditional passkeys, Hawcx does not store or transmit private keys. Instead, it cryptographically generates private keys each time a user logs in. This method ensures compatibility with older devices that lack modern hardware for passkey support.

“We are not reinventing the wheel fundamentally in most of the processes we have built,” Shanmugam told TechCrunch.

If a user switches devices, Hawcx’s system verifies authenticity before granting access, without storing additional private keys on the new device or in the cloud. This approach differs from standard passkeys, which require syncing private keys across devices or through cloud services.

“No one is challenging beyond the foundation,” Shanmugam said. “What we are challenging is the foundation itself. We are not building on top of what passkeys as a protocol provides. We are saying this protocol comes with an insane amount of limitations for users, enterprises, and developers, and we can make it better.”

Although Hawcx has filed patents, its technology has yet to be widely deployed or independently validated—factors that could influence industry trust. However, the company recently secured $3 million in pre-seed funding from Engineering Capital and Boldcap to accelerate development and market entry.

Shanmugam revealed that Hawcx is in talks with major banks and gaming companies for pilot programs set to launch in the coming weeks. These trials, expected to run for three to six months, will help refine the technology before broader implementation. Additionally, the startup is working with cryptography experts from Stanford University to validate its approach.

“As we are rolling out passkeys, the adoption is low. It’s clear to me that as good as passkeys are and they have solved the security problem, the usability problem still remains,” Tushar Phondge, director of consumer identity at ADP, told TechCrunch.

ADP plans to pilot Hawcx’s solution to assess its effectiveness in addressing passkey-related challenges, such as device dependency and system lockups.

Looking ahead, Hawcx aims to expand its authentication platform by integrating additional security services, including document verification, live video authentication, and background checks.

Read more »
Password Hacking
Authentication Cyber Security Google security hardware vulnerabilities Passkey Security Passkeys Password Hacking

Why Passkeys Are the Future of Digital Authentication

 

Passwords have been a fundamental aspect of digital security for years, but they come with significant drawbacks. They are not only a hassle to remember but also vulnerable to various hacking techniques. Passkeys have emerged as a robust alternative, offering a more secure and user-friendly approach to account authentication. This new method utilizes your device, such as a smartphone or laptop, as an authenticator, employing either a PIN or biometric verification like fingerprint or facial recognition. 

The primary advantage of passkeys is that they eliminate the need for passwords entirely. This reduces the risk of phishing attacks, as there is no password for hackers to steal or guess. Additionally, passkeys are tied to the user’s device, making unauthorized access much more difficult. Without passwords to remember, users can enjoy a more streamlined and secure login experience. Major tech companies are already supporting the adoption of passkeys. For instance, setting up passkeys on a Google account involves visiting the Google Passkeys page and configuring the passkey with your device. Microsoft accounts can similarly be secured with Windows Hello or a PIN. Apple integrates passkeys with iCloud Keychain, making it easy for users to transition. These companies are not alone. Other platforms like Amazon, Adobe, Discord, eBay, GitHub, LinkedIn, Shopify, and WhatsApp have also embraced passkeys. 

This widespread support highlights the growing recognition of passkeys as the future of digital security. One concern with passkeys is the potential for losing access if the device is lost. Fortunately, most major tech companies allow passkeys to be synced across devices or securely stored in the cloud with end-to-end encryption. This means that users can restore their passkeys on a new device if their original one is lost. 

However, if a hardware security key is lost and not backed up, access to accounts could be permanently lost. Despite these concerns, device-based authentication is inherently secure. Modern devices are equipped with advanced security measures that make unauthorized access extremely difficult. Even if a device is stolen, the thief would need to bypass biometric or PIN verification to access sensitive information. Passkeys are stored in a Trusted Platform Module (TPM), ensuring that they are securely protected. In summary, passkeys represent a significant advancement in digital security. 

They offer a more secure, user-friendly alternative to traditional passwords, addressing many of the vulnerabilities associated with password-based authentication. As more services and devices adopt this technology, passkeys are poised to become the standard for secure online access. This shift not only enhances security but also simplifies the user experience, making it easier for individuals to protect their digital identities.
Read more »
User Privacy
Cyber Security Data Safety Passkeys Passkeys authentication User Privacy

Here's Why Passkeys is a Reliable Option to Safeguard Your Data

 

We all use way too many passwords, and they are probably not very secure. Passkeys are the next step in password technology, aiming to replace passwords with a more secure alternative.

Trouble with passwords 

For a long time, we used usernames and passwords to access websites, apps, and gadgets. A fundamental issue with passwords is that their creators are largely to blame. You have to remember the password, thus it's easy to fall into the trap of using real words or phrases. It's also fairly typical to use the same password across several websites and apps in favour of having unique passwords for each one. 

Although it is obviously not very safe, many individuals continue to use passwords like their birthday or the name of their pet. If they are successful, they can attempt it in every other place you use the same password. Using two-factor authentication and special passwords is essential as a result of this. Password managers, which produce random character strings for you and remember them for you, have been developed to solve this issue. 

Passkey vs. password: What distinguishes them 

Over time, not much has changed with regard to the login and password system. Think of passkeys as a full-fledged alternative for the outdated password system. Basically, the process you use to unlock your phone is the same one you use to sign into apps and websites. 

It is among the fundamental distinctions between passkeys and conventional passwords. All locations where Facebook is accessible accept your Facebook password. On the other hand, a passkey is bound to the machine where it was made. The passkey is far more secure than a password because you're not generating a universal password. 

The same security process can be employed to verify a QR code you scanned with your phone to log in on another device. There are no passwords used, thus nothing can be stolen or leaked. Because you must sign in with your phone in hand, you don't need to be afraid about a stranger across the nation using your password.

Device compatibility

Passkeys are still very new, but they already work with all the best phones and a majority of the best laptops. This is because the tech behemoths Microsoft, Google, Apple, and others collaborated to create them using the FIDO Alliance and W3C standards. 

Apple launched passkeys to the iPhone with the release of iOS 16 in the previous fall. Passkeys eliminates the need for a master password on its devices by using TouchID and FaceID for authentication. Here's how to set up passkeys on an iPhone, iPad, or Mac if you want to try them out for yourself. 

Your passkeys are stored and synchronised using the Google Password Manager if you have one of the top Android phones or an Android tablet. If you want to use passkeys with it, you must first enable screen lock on your Android device, as this stops people with access to your smartphone from utilising your passkeys.

In both Windows 10 and Windows 11, you can use Microsoft's Windows Hello to sign into your accounts using passkeys. Because your passkeys are linked to your Microsoft account, you may use them on any device as long as you're signed in.

Regarding your web browser, passkeys are currently supported by Chrome, Edge, Safari, and Firefox. For Chrome/Edge, you must be using version 79 or above, for Safari, version 13 or higher, and for Firefox, version 60 or higher.
Read more »
secure login
Biometric Authentication Cyber Security Digital Security encryption technology FIDO Alliance innovative authentication Passkeys password alternatives password-free future secure login

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

The passkeys, a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. Developed by the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others, the FIDO Alliance aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passkeys being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.
Read more »
Subscribe to: Posts (Atom)