Passwords are key to our digital lives – think about how often you log into websites and other systems. But like physical keys, they can be lost, duplicated, and stolen.
Several alternatives, including passkeys, have been proposed in recent years. These offer significant improvements in terms of user-friendliness and widespread usability.
But what exactly are they – and how are they different from passwords?
Passwords are unsafe
In simple terms, a password is a secret word or phrase that you use to prove who you are on a computer system and/or online. If you have an account on a website or are subscribed to a service provider, you probably have multiple accounts.
Passwords themselves are fine; it is the way we implement and use them that makes them unsafe. For example, weak password habits are everywhere. A CyberNews report earlier this year revealed that 94% of the 19 billion leaked passwords were reused. It also identified several similarities in the passwords, including strings of numbers such as “123456”, people’s names, cities, popular brands and expletives.
And when a breach occurs, stolen passwords can spread quickly. This leads to account takeover, identity theft and/or phishing attacks. In one experiment, hackers were trying to use the leaked credentials within an hour.

Passwords are also unsafe against phishing, which is when scammers trick you into typing your password (or other information) into a fake account login page. The number and consequences of phishing emails continue to increase, with one report indicating that over 3 billion phishing emails are sent daily globally.
A good password is unique (i.e., never reused) and complex (imagine a sequence of letters, numbers, and symbols like “e8bh!kXVhccACAP$48yb”). It can also be a unique combination of several words to form a phrase or memorable sequence.
This can be difficult to remember, although creating a story that uses the contents of the password can help. For example, let’s say your password was “CrocApplePurseBike”. You can remember it by thinking about a Crocodile who packed an Apple in a Purse before riding a Bike.
What are passkeys and how do they work?
Passkeys first started emerging about four years ago. They use a mathematical process called public-key cryptography to create a unique set of information that is divided into two parts – or keys.
One key is public and can be shared with websites; the second is a private key that is stored securely on your device. To sign in to an account, the website sends a random challenge (such as a number) and your device uses the private key to “approve” the login request. This approval is usually called “signing” the request and applies a mathematical process to the challenge.
Your device will not do this automatically; you will usually need to approve the request. Many mobile devices will require your face or fingerprint to authorize a reply to be sent.
Finally, the website verifies the signature against the already existing public key. If it confirms the challenge, you’re in.
Strong by design
By design, passkeys are stronger than passwords. It does not matter if the public key is stolen, as it cannot be used by itself. Your private keys are reliably protected by your device’s security, with most using facial or finger-based biometrics to unlock (it’s best to avoid relying on a PIN).
Each passkey is also unique to each service you use; even if the key for one site is stolen, it cannot be used anywhere else.
About the authors
Paul Haskell-Dowland is Professor of Cybersecurity Practice at Edith Cowan University.
Ismini Vasiliou is Associate Professor in the School of Computer Science and Informatics at De Montfort University.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
Another plus is that passkeys are resistant to phishing. From the user’s perspective, there is no password to send in response to a phishing email. A request to log in to a site must come from a registered device with user approval.
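The challenge-and-signature login described under “What are passkeys and how do they work?”, together with the phishing resistance noted above, as an added example that is not part of the original article: a simplified Node.js model, not the real WebAuthn message format. It goes beyond the text by also signing the site origin, which is how a passkey response is tied to one site; `Website`, `createPasskey`, `signLogin`, the user `alice` and the `.test` origins are constructed for illustration.

```javascript
// Added example: simplified passkey login, not the real WebAuthn message format.
const crypto = require('node:crypto');

// The device: creates a key pair for one site and keeps the private key.
function createPasskey(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { origin, publicKey, privateKey };
}

// The device signs the challenge plus the origin the browser is really on.
function signLogin(passkey, challenge, seenOrigin, userApproved) {
  if (!userApproved) return null;                 // face/fingerprint prompt declined
  if (seenOrigin !== passkey.origin) return null; // no passkey exists for this site
  const clientData = Buffer.from(JSON.stringify({ challenge: challenge.toString('hex'), origin: seenOrigin }));
  return { clientData, signature: crypto.sign('sha256', clientData, passkey.privateKey) };
}

// The website: stores only public keys and issues single-use random challenges.
class Website {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  startLogin(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, response) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                    // a challenge is valid only once
    const publicKey = this.publicKeys.get(user);
    if (!expected || !publicKey || !response) return false;
    const data = JSON.parse(response.clientData.toString());
    if (data.origin !== this.origin || data.challenge !== expected.toString('hex')) return false;
    return crypto.verify('sha256', response.clientData, publicKey, response.signature);
  }
}

// Constructed scenario: a genuine login, a replayed response, and a look-alike site.
function demo() {
  const site = new Website('https://example.test');
  const passkey = createPasskey(site.origin);
  site.register('alice', passkey.publicKey);
  const first = signLogin(passkey, site.startLogin('alice'), site.origin, true);
  const genuine = site.finishLogin('alice', first);
  site.startLogin('alice');                       // fresh challenge, old response
  const replayed = site.finishLogin('alice', first);
  const phished = signLogin(passkey, site.startLogin('alice'), 'https://examp1e.test', true);
  return { genuine, replayed, phished: site.finishLogin('alice', phished) };
}
console.log(demo()); // outcome of each of the three constructed logins
```

The website never holds anything that can be replayed: a captured response fails against the next challenge, and the device produces no response at all for the look-alike origin.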
Passkeys are also more convenient than passwords. You don’t have to find the password you used when registering – passkeys are already linked to your device and are just a finger/face verification away.
However, there are some problems with passkeys. For one, while many browsers, operating systems, and websites are adopting passkeys, adoption is not universal. And some early implementations faced compatibility problems between devices (such as between Microsoft and Apple devices).
As users move to newer devices and manufacturers improve integration, these problems should go away.
A clear winner
From a security perspective, passkeys are the clear winner. They provide strong security, can resist phishing and are easy to use. But until passkeys are everywhere, passwords will play a supporting role.
Implementing passkeys on a website requires effort from the company concerned. With the huge number of sites requiring users to create accounts, the process of migrating them all to passkeys is going to take decades. Many people will never adopt this practice unless other factors force them to.
For now, it’s important that we continue to focus on password hygiene by using strong, unique passwords and enabling multi-factor authentication wherever possible. If you do nothing else after reading this article, at least change any reused passwords.