UK National Cyber Security Centre,Passkeys: the promise of a simpler and safer alternative to passwords


Passkeys: The Promise of a Simpler and Safer Alternative to Passwords

Introduction

Passwords have long been the primary method of authentication for online accounts, but they are notoriously insecure. They can be easily guessed, stolen, or phished, and they are often reused across multiple accounts, making it even easier for attackers to compromise multiple accounts with a single stolen password.

Passkeys are a new type of authentication that is designed to be more secure and easier to use than passwords. Passkeys are stored on your device and are never shared with the website or service you are logging into. This makes them much more difficult for attackers to steal or phish. Passkeys are also more convenient than passwords, as you do not have to remember them or type them in. You can simply tap your device or use a biometric scan (such as a fingerprint or facial recognition) to log in.

How Passkeys Work

Passkeys use public-key cryptography to create a secure connection between your device and the website or service you are logging into. When you first create a passkey for a website or service, your device generates a public key and a private key. The public key is shared with the website or service, while the private key is kept secret on your device.

When you log in to a website or service using a passkey, your device sends the public key to the website or service. The website or service then uses the public key to encrypt a challenge. Your device decrypts the challenge using the private key, and then sends the decrypted challenge back to the website or service. The website or service verifies that the decrypted challenge is correct, and then grants you access to your account.

Benefits of Passkeys

Passkeys offer a number of benefits over passwords, including:

  • Security: Passkeys are much more difficult to steal or phish than passwords, as they are never shared with the website or service you are logging into.
  • Convenience: Passkeys are more convenient than passwords, as you do not have to remember them or type them in. You can simply tap your device or use a biometric scan (such as a fingerprint or facial recognition) to log in.
  • Reduced Risk of Credential Stuffing: Passkeys help to reduce the risk of credential stuffing, which is a type of attack in which attackers use stolen or leaked passwords to try to log in to other websites or services. This is because passkeys are not stored on the website or service, so they cannot be stolen in a data breach.
  • Universal Compatibility: Passkeys are supported by all major browsers and operating systems, so you can use them to log in to any website or service that supports passkeys.

Conclusion

Passkeys are a new type of authentication that is designed to be more secure and easier to use than passwords. Passkeys offer a number of benefits over passwords, including increased security, convenience, reduced risk of credential stuffing, and universal compatibility. As more websites and services adopt passkeys, it is likely that we will see a decrease in password-related security breaches.


Passkeys: the promise of a simpler and safer alternative to passwords

The AI has provided us with the news.

I’ve asked Google Gemini the following question, and here’s its response.

UK National Cyber Security Centre a new article on 2025-01-14 15:27 titled “Passkeys: the promise of a simpler and safer alternative to passwords”. Please write a detailed article on this news item, including any relevant information. Answers should be in English.


88

Leave a Comment