{"id":169784,"date":"2024-01-19T06:00:00","date_gmt":"2024-01-19T11:00:00","guid":{"rendered":"https:\/\/www.ict-pulse.com\/?p=169784"},"modified":"2024-01-18T16:55:29","modified_gmt":"2024-01-18T21:55:29","slug":"passkeys-are-they-the-future-of-security","status":"publish","type":"post","link":"https:\/\/ict-pulse.com\/2024\/01\/passkeys-are-they-the-future-of-security\/","title":{"rendered":"Passkeys: Are they the future of security?"},"content":{"rendered":"\n

Passkeys are widely considered the likely successor to passwords, which have been around for over 50 years. However, is that really true? We discuss and outline some of the pros and cons, and the current thinking about passkeys.<\/em><\/p>\n\n\n\n

 <\/p>\n\n\n\n

In an era dominated by having a digital presence and engaging in digital and online interactions, the need for robust security measures has become paramount. Traditionally, passwords were the primary means of securing our accounts and personal data. However, their inherent weaknesses, such as susceptibility to brute-force attacks and phishing, have resulted in us needing to use longer and more complex passwords plus additional security measures, such as two-step or multifactor authentication, to keep our accounts safe.<\/p>\n\n\n\n

Two-step or multifactor authentication is more robust than a password alone: the added layers of security make it a reliable and effective system for blocking unauthorized access. However, it also has some downsides, including increased log-in time and vulnerability to phishing attacks, among others. Hence, there is still a need for a system that is easy to use, can address phishing attacks, and does not require codes or passwords to be transmitted, since transmission provides an opportunity for interception.<\/p>\n\n\n\n

In response to these challenges, a new alternative is emerging: passkeys.<\/p>\n\n\n\n

 <\/p>\n\n\n\n

What is a passkey and how does it work?<\/h2>\n\n\n\n

A passkey is a unique and dynamic identifier that goes beyond the static nature of traditional passwords. Unlike passwords, which typically comprise a combination of letters, numbers, and symbols, passkeys use a combination of factors, including biometrics, behavioural patterns, and contextual information, to authenticate users.<\/p>\n\n\n\n

In essence, a passkey is a type of login credential that removes the need for passwords. Currently, a popular application of passkeys is on smartphones, where biometric authentication, such as fingerprint or face recognition, or a PIN or swipe pattern is used to gain access to the device.<\/p>\n\n\n\n

When the passkey that is used to unlock a smartphone is extended to access other sites, it is important to note that the passkey stays on your device. Similarly, when you sign up for an online service that supports passkey authentication, two keys are generated. The public key is stored on the website\u2019s server, while the private key is stored on your device. Both keys are required to authenticate a user when logging in.<\/p>\n\n\n\n

When you are required to log in to an online platform, the server sends a request to your device, and that request is then answered by a related passkey. Your identity as the user is also confirmed via the passkey stored on your device, and if the passkey on your device and the server match, you are granted access to your account.<\/p>\n\n\n\n

 <\/p>\n\n\n\n