Passwords, as annoying as they are sometimes, are the front line of defense to almost every account and profile your business depends on. That doesn’t stop security professionals from trying to develop better strategies to secure digital systems. Some of the biggest names in tech are searching for ways to forge ahead passwordless. Let’s take a look at one example that has drawn the attention of the tech community.
In order to replace the password there has to be an undeniably viable alternative. Many of today’s tech giants believe the technology that will usher the password out of the security mix is the passkey. The passkey is a stored credential (like the password), but it is stored on a device and is exchanged automatically, removing the user’s role in the process.
As the majority of cyberattacks today are aimed at end users and their passwords, removing the need for end users to put in passwords is brilliant; but how does it work? Basically, the security key would be generated over a Bluetooth connection to the user’s smartphone. That phone would then effectively sign the user into the system, removing the need for user-generated authentication.
Unfortunately, in order for passkeys to be a viable alternative to the current authentication systems we have, support for them would need to become standard across systems. That means every website, browser, password manager, etc. would need to implement the system. Of course, there is the other issue that requires that users would need their device on them at all times in order for the passkey to engage with the system and authorize the phone’s user.
Google, Apple, and Microsoft have all come out in support of the idea. In fact, Google has begun launching beta passkey platforms for their Chrome browser and Android Mobile OS. You can currently sign up for the beta through Google Play Services. Currently, Google’s plan is to use its Password Manager to store the necessary passkeys. Users would then use their biometric authentication to prove they are who they say they are.
The security landscape may soon have a tool that can combat the literal billions of phishing attacks sent each year. If you would like to learn about how to secure your endpoint so as to not run into potential disaster, reach out to us today at 407-478-6600.