Goodbye Passwords, Hello Passkeys
Alternate Title: Are We Sure This Is A Good Idea?
Summary
Passkeys are a modern authentication method designed to replace traditional passwords, purporting to offer enhanced security and user convenience. They are part of the broader category of passwordless authentication, which aims to eliminate the need for passwords, addressing their inherent weaknesses such as being easily forgotten, reused, or stolen.
Breakdown
Authentication is hard, and passwords are not the best solution.
Microsoft lost $12 million in one month due to password resets.
Over 164 million breached accounts were reported on LinkedIn alone due to compromised passwords.
25-40% of IT help desk calls are due to password problems.
Passkeys are already supported on many popular services, including Google, Apple, Microsoft, Dropbox, PayPal, 1Password, eBay, Dashlane, Yahoo, GitHub, Twitter, and Facebook.
A separate key pair is generated for each online service, so a breach at one service cannot be used to sign in anywhere else.
Password managers like 1Password and Bitwarden can securely store Passkeys for easy access.
Passkeys allow users to sign in with a physical device (usually a smartphone or YubiKey) or biometric data (fingerprint, facial recognition).
Multi-factor authentication is built into Passkeys: signing in requires both possession of the device and its local unlock (such as a fingerprint or face scan), enhancing security.
Passkeys use public key cryptography for secure authentication: the private key never leaves the user's device, and the service stores only the corresponding public key.
Recommendations for Businesses
Store Passkeys in a secure password manager like 1Password.
Enable Passkeys in services that support them, such as Google, Apple, Microsoft, Dropbox, PayPal, 1Password, eBay, Dashlane, Yahoo, GitHub, Twitter, and Facebook.
Regularly check if your email has been part of any breaches using services like Have I Been Pwned (https://haveibeenpwned.com).
Avoid using SMS for two-factor authentication, as it is trivial to compromise.