Passwords exist in various formats for storing authentication information, and the concept has been around since ancient times.
This will change very soon. Microsoft, Apple, Google and a consortium of other companies have come together to create a single passkey standard controlled by the FIDO Alliance. Passkeys will not only be easier to use but will also be much more secure than traditional passwords. They will also be fully resistant to credential phishing, credential stuffing and similar data-theft attacks in general.
On Monday, PayPal announced that its US-based users will soon be able to log in with FIDO-based passkeys, joining Kayak, eBay, Best Buy, CardPointers and WordPress, which already offer the alternative login method.
In recent months, Microsoft, Apple and Google have updated all of their operating systems and apps to enable passkeys. Support, however, is still inadequate. Passkeys stored on iOS or macOS work on Windows, for example, but the reverse is not yet possible. In the coming months, though, all of this should be fixed.
Passkeys work almost identically to the FIDO authenticators that let us use phones, laptops, PCs and Yubico or Feitian USB security keys for multi-factor authentication.
Just like the FIDO authenticators stored on these MFA devices, passkeys are invisible and are integrated with Face ID, Windows Hello or the other biometric readers offered by device manufacturers.
There is no way to recover the encrypted data stored in the authenticators other than to jailbreak or root the device.
Even if an adversary is able to extract the encrypted data, they would still have to provide a fingerprint, undergo a facial scan, or, in the absence of biometric capabilities, provide a PIN.
"Users no longer need to have a device for each service, which has been the case for FIDO controllers for a long time (and for any passkey)," said Andrew Shikiar, Executive Director and Head of Marketing of FIDO.
"By enabling secure private key synchronization in a cloud, the user only needs to sign up once for a service, and will then be effectively pre-registered for that service on all their other devices."
In other words, passkeys will simply exchange encrypted WebAuthn keys. We won't need to use a password manager to create, store and recall a password. All of this will happen automatically, with much better keys than the old text box used, and with enforced uniqueness.
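The resistance to phishing and credential stuffing described above comes from the checks a site runs on every WebAuthn login response. The following Node.js example is added here and is not code from the article or from the FIDO Alliance; `shop.example`, the lookalike `shop-example.test` and the simplified in-memory authenticator are constructed for illustration.

```javascript
const crypto = require('crypto');
const RP_ID = 'shop.example';            // constructed relying-party ID
const ORIGIN = 'https://shop.example';   // constructed expected origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Simplified stand-in for an authenticator; the private key stays inside it.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // In a real login the browser, not the page's script, supplies origin and rpId.
  const sign = (challenge, origin, rpId) => {
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // authenticatorData: rpIdHash (32) | flags (UP 0x01 + UV 0x04) | signCount (4)
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
  };
  return { publicKey, sign };   // the server only ever stores publicKey
}

// Relying-party verification: returns 'ok' or the first check that failed.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x05) !== 0x05) return 'user not verified';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed scenario: a genuine login, a relayed one, a rewritten one, a replay.
function demo() {
  const authn = makeAuthenticator();
  const challenge = crypto.randomBytes(32);
  const genuine = authn.sign(challenge, ORIGIN, RP_ID);
  // Lookalike page relays the real challenge. A real authenticator would find no
  // credential for this RP ID; signing anyway models the worst case.
  const relayed = authn.sign(challenge, 'https://shop-example.test', 'shop-example.test');
  // Swapping in the expected origin and RP ID afterwards breaks the signature.
  const rewritten = { ...genuine, signature: relayed.signature };
  return {
    genuine: verifyAssertion(genuine, authn.publicKey, challenge),
    relayed: verifyAssertion(relayed, authn.publicKey, challenge),
    rewritten: verifyAssertion(rewritten, authn.publicKey, challenge),
    replayed: verifyAssertion(genuine, authn.publicKey, crypto.randomBytes(32)),
  };
}
```

Calling `demo()` returns `ok` only for the genuine login; the server holds nothing but a public key, so a breach of its database yields no credential that can be replayed elsewhere.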
If you want to try passkeys, you can use this demo site created by security company Hanko.