Is The Future Passwordless? Will everyone switch to passwordless login? Passkeys are rising in popularity.
How often do you forget your password or are forced to change it? How many different passwords do you need to create for different accounts?
How many stories or instances have you heard where a cyber attack started stolen credentials due to poor password hygiene or policies where passwords were easy to crack or used on multiple accounts?
There may be a future where accounts and sign-ins are passwordless, and instead switching to passkeys.
Companies such as Apple, Google, and Microsoft have begun to adopt and support the practice, with many more companies and tech following suit.
So what are passkeys?
They’re cryptographic keys, where a public key is part of an online service, app, or account, depending on what you’re using and if it’s a supported method of login. There is a private key that is stored on a secondary device that requires you to login with possibly biometric authentication, which would be a fingerprint, facial recognition or a pin or swipe pattern, depending on the device.
The biometric or any private key info can’t be stolen or leaked and isn’t stored because it lives on the secondary device. If the public key is stolen, the hacker still wouldn’t have access to the private key without the device.
Passkeys are not like 2FA or MFA as it requires physical proximity to help verify users to login through a push notification from the public key. 2FA and MFA requires entry of a password to get the push notification to verify it, and we’ve seen an increase in cyber criminals attacking MFA to bypass security, which passkeys could prevent.
Are passkeys the way of the future? Most believe passwords, MFA and 2FA will likely exist for a long time until passkeys are more widely accessibly installed into certain technology and applications that are commonly used. But it is something to consider.
Our cyber experts talked about why MFA has become a popular target for cyber attacks in our webinar last week, Embracing Zero Trust: How Hard Can It Be?
If you missed the webinar, you can download it to watch it for free, on-demand to learn more about why cyber criminals would target MFA in attacks, and how passkeys would fit into a zero trust model.
Other Resources
- Strengthen Your Defenses: The Essential Steps for Conducting a Cybersecurity Gap Analysis
- Practical Cybersecurity Principles for PSAPs | eBook
- Understanding the New CJIS Cybersecurity Requirements: A Guide
- Protecting Cloud Environments Must Be a Top Priority
- Cyber Alert: Update on CrowdStrike Issue With Windows Endpoint Agent