URL: https://www.welivesecurity.com/2023/06/20/passwords-out-passkeys-in-ready-make-switch/

Award-winning news, views, and insight from the ESET security community


PASSWORDS OUT, PASSKEYS IN: ARE YOU READY TO MAKE THE SWITCH?

With passkeys poised for prime time, passwords seem passé. What are the main
benefits of ditching one in favor of the other?
Phil Muncaster
20 Jun 2023 - 11:30AM

Chances are good that many of us have had enough of passwords. In a world where
we have to manage access for scores of online accounts, passwords no longer seem
fit for purpose. Many of us reuse the same, easy-to-remember login credentials
across these apps and websites and commit other password-related mistakes, which
makes it easier for those with malicious intent to guess or steal our login
details. And once one password is cracked, our entire digital world could come
crashing down.

It’s actually somewhat remarkable that passwords have lasted so long, with the
reason largely boiling down to a lack of effective alternatives. But this may be
about to change with the emergence of passkeys. Google recently announced
support for the new technology on both personal and work accounts (not unlike
Apple and Microsoft), so could a new era of passwordless logins be just around
the corner?

Previous attempts to enhance or update the password experience and security have
only had partial success. Two-factor authentication (2FA) does significantly
help make passwords more secure, but its uptake has been far from universal as
some people find the two-step process unwieldy. Also, one-time codes sent to
users via text messages, which is by far the most commonly used variety of 2FA,
can still be intercepted.

Password managers, for their part, do a great job of generating, storing and
recalling a long, complex and unique password for each individual site. But they
may not always cover all your devices, operating systems and web browsers and
may present a single point of failure should you misplace your master password.
In some cases, the user experience can also be a little clunky.

Enter passkeys, an industry standard that the biggest names in tech hope will
one day replace passwords, 2FA and the need for password management as we know
it.


HOW DO PASSKEYS WORK?

Passkeys harness the power of public key cryptography. A passkey consists of a
pair of cryptographic keys – a private one and a corresponding public one – that
is generated to secure your account on a website, app or another online service.

The private key is stored on your device as a long string of encrypted
characters whereas the matching public key is uploaded to the servers of the
corresponding online service, for example Google or even Apple’s iCloud keychain
password management system.

[Image caption: If you’re signed into your Google account from your smartphone,
Google will have already generated a passkey for you]

Then, when you attempt to log in, you’ll be asked to authenticate with your PIN,
fingerprint or another device screen-lock mechanism. There’s no need to enter or
remember any passwords, which immediately makes the process more secure and more
seamless to use.

On the login attempt, the server sends a cryptographic challenge to your device,
asking the private key to solve it and relay it back to the server. This
response is used to verify that the public and private key pairs match as both
are required to authenticate you.

At no point does the biometric data leave the device, nor does the server learn
what the private key is. Indeed, you never actually see the private key
yourself, either – all the magic happens in the background and with next to zero
effort on your part.

[Image caption: First step towards setting up passkey authentication in Google
account security settings]


WHAT ARE THE BENEFITS OF PASSKEYS?

So, could passkeys offer the ‘Holy Grail’ of both ease of use and stronger
security? Here are some of the benefits in more detail:

 * Phishing- and social engineering-resistant: Passkeys do away with the problem
   of people accidentally spilling their login credentials to cybercriminals by
   entering them into phoney websites. Instead, you’re asked to use your device
   to prove that you are the account’s true owner.
 * Prevent fallout from a third-party breach: If a website or app provider is
   breached, only public keys could be stolen – your private key is never shared
   with the online service, and there’s no way to figure it out from the public
   key. On its own, then, the public key is useless to an attacker. Compare this
   to the current system, where hackers can steal large troves of ready-to-use
   username/password combinations.
 * Avoid brute-force attacks: Passkeys rely on public key cryptography, meaning
   attackers can’t guess them or use brute-force techniques to crack accounts
   open.
 * No 2FA interception: There’s no second factor with passkeys, so users aren’t
   at risk of attack techniques designed to intercept SMS codes and the like.
   Indeed, think of a passkey itself as consisting of multiple authentication
   factors. In fact, passkeys are strong enough to replace even the most secure
   flavor of 2FA – hardware security keys.
 * Built on industry standards: Passkeys are based on FIDO Alliance and W3C
   WebAuthn working group standards, meaning they should work across all
   participating operating systems, browsers, websites, apps and mobile
   ecosystems. Apple, Google and Microsoft are all supporting the technology, as
   are (or will soon be) major password management companies such as 1Password
   and Dashlane and platforms like WordPress, PayPal, eBay and Shopify.
 * Easy to recover: Passkeys can be stored in the cloud and thus restored to a
   new device if it is lost.
 * Nothing to remember: For users, there’s no longer a need to create, remember
   and protect large volumes of passwords.
 * Works across multiple devices: Once created, a passkey can be used on new
   devices without the need to re-enrol each time as per regular biometric
   authentication. However, there are caveats, as detailed below.


WHY MIGHT PASSKEYS NOT BE A GOOD IDEA?

There may be some hurdles along the way that may ultimately stop you from
adopting passkeys, for the time being, anyway: industry adoption and the way
passkeys sync.

 * Passkeys only sync to devices running the same OS: As this article explains,
   passkeys sync by OS platform. That means if you have an iOS device but also
   use Windows, for example, it could make for a frustrating user experience.
   You would need to scan QR codes and switch on Bluetooth to get your passkeys
   working across devices using different operating systems. That’s actually
   less user-friendly than the current experience for passwords.
 * Adoption is far from industry-wide: Although some big names are already on
   board with passkeys, it’s still early days. Aside from the big platforms, it
   will also take some time before we reach a critical mass of websites and apps
   supporting it. Check out whether your favorite platforms support the
   technology here.

Could this be the beginning of the end for passwords? Passkeys are the strongest
contender yet. But to gain near-universal acceptance among users, the tech
vendors may need to make it easier still to use them across different OS
ecosystems.

If you’re ready to give passkeys a try, it takes very little effort to get
started via the settings menu of your Google, Apple or Microsoft account(s).

