
The new key to passwords

“Qwerty” is making way for passkeys

The default position of many people and organizations on passwords has been that they have had their day because of their vulnerability to hacking.

This is mainly because they are typically used by humans, who are error-prone and lazy. They don’t feel the need to have a different password for every website across different devices – they will often use the same one for many applications and websites.

Much focus has been placed on passkeys instead. The FIDO Alliance is an organisation that brings together major technology companies, financial institutions, service providers, and government organizations from around the world. FIDO stands for Fast Identity Online and prioritises online privacy and security.

It wants to set common standards for authentication. Its standards, such as FIDO Universal Second Factor (U2F) and FIDO Universal Authentication Framework (UAF), use cryptographic techniques and public-key cryptography to authenticate users. U2F enables two-factor authentication using an external hardware device, while UAF allows passwordless, multi-factor authentication using biometrics or other factors. By advocating for these standards, the FIDO Alliance aims to simplify the user experience and improve the overall security of online authentication.
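The public-key login these standards rely on, and the reason such a login resists phishing, shown as an added example (not code from FIDO or from this article). It is a simplified challenge-response in Node.js, not the real WebAuthn message format; the origins, function names and result strings are assumptions made up for the illustration.

```javascript
// Added example: simplified passkey-style login, not the real WebAuthn wire format.
const crypto = require('crypto');

// Registration: the authenticator creates a key pair for one site.
// The site stores only the public key, so a server breach leaks no login secret.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { authenticator: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge for every login attempt.
const newChallenge = () => crypto.randomBytes(32).toString('hex');

// Client: the browser (not the page) supplies the origin; the authenticator signs both values.
function signAssertion(authenticator, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign(null, Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature };
}

// Server: verify the signature first, then the signed challenge and origin.
function verifyAssertion(record, challenge, origin, assertion) {
  const signed = Buffer.from(assertion.clientData);
  if (!crypto.verify(null, signed, record.publicKey, assertion.signature)) return 'bad-signature';
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== challenge) return 'stale-challenge';
  if (data.origin !== origin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const SITE = 'https://bank.example';            // constructed sample origin
  const LOOKALIKE = 'https://bank-login.example'; // constructed sample origin
  const { authenticator, serverRecord } = register();
  const c1 = newChallenge();
  const first = signAssertion(authenticator, c1, SITE);
  const genuine = verifyAssertion(serverRecord, c1, SITE, first);
  // A captured assertion is useless later: the next login has a different challenge.
  const c2 = newChallenge();
  const replayed = verifyAssertion(serverRecord, c2, SITE, first);
  // Signed on a lookalike page: the browser-recorded origin does not match the real site.
  const viaLookalike = signAssertion(authenticator, c2, LOOKALIKE);
  const relayed = verifyAssertion(serverRecord, c2, SITE, viaLookalike);
  // Rewriting the origin after signing invalidates the signature.
  const edited = { clientData: JSON.stringify({ challenge: c2, origin: SITE }), signature: viaLookalike.signature };
  const forged = verifyAssertion(serverRecord, c2, SITE, edited);
  return { genuine, replayed, relayed, forged };
}

console.log(demo());
```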

Company-wide take up

FIDO believes that passkeys are also the future in internet security as they are less vulnerable to hacking and are resistant to phishing attacks. Major companies such as Apple, Microsoft and Google are trying to find ways of working with FIDO to swap users from passwords to passkeys.

Apple’s most recent security update has appeared in iOS 16 on its phones, as well as in the macOS Ventura system on its new Macs. Both of these now support passkeys. Likewise, at the end of last year Google got busy introducing its passkeys, to be used when accessing Chrome on Android, macOS and Windows services.

Support for this phishing-resistant passkey has come from the US Federal Government, which is trying to mandate a full take-up of these passkeys across a number of major operating systems.


What is a passkey?

A passkey is a sequence of characters or symbols used to authenticate a user’s identity and grant access to computers, information, or online accounts.

It acts as a security measure, protecting sensitive data, personal information, and system resources from unauthorised access.

For some computers and information, passkeys are typically required for logging into operating systems, accessing specific applications or software, protecting online accounts like email or social media, encrypting and decrypting files or folders, and connecting to secure networks or Wi-Fi.

To maintain robust security, it is crucial to create unique and complex passkeys for each account or device and update them regularly, incorporating a combination of letters, numbers, and special characters to minimise the risk of unauthorised access.

There are downsides to passkeys, however. Users are given two devices: primary and secondary. If a user loses the secondary device, the passkey has to be entirely reset, which can create problems in the future.