Passkeys Coming… Slowly

By Guest Blogger, Chris Bonatti, Cybersecurity Consultant, IECA of Casper

Foreword by CyberWyoming: Exploring your company’s new digital world is part of Wyoming’s Cybersecurity Competition for Small Business. Join today! https://cyberwyoming.org/competition/

Over the summer, Apple, Google and Microsoft announced their plan to adopt a new standard for strong authentication that they call Passkeys. Although not all the details of the plan are clear yet, Passkeys appear to be essentially FIDO2 credentials stored on the user’s various devices and synchronized through the cloud. (FIDO enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments; see https://fidoalliance.org/fido2/. This is a version of KYC – Know Your Customer, where your identity is stored in a ‘wallet’ and can be reused across the web.) They ambitiously aim for Passkeys to fully replace passwords. However, for Passkeys to function, supporting websites and services must implement the Level 3 WebAuthn specification, which is non-trivial to implement. Industry has also expressed concern that syncing through the distinct Apple, Google and Microsoft cloud silos would create “lock-in” of user credentials. So, at least in the near term, we do not expect Passkeys to have much impact on the marketplace. More information is available at ‘Passkeys.dev’.

For their part, LastPass and Bitwarden are making noises about supporting storage of Passkeys in their password vaults, but it isn’t yet clear how or when. Both already support strong authentication in place of a master password. It’s too bad more LastPass users weren’t using it. They might have been spared a breach. 

For the full newsletter visit the IECA website at: http://www.ieca.com/
