UK National Cyber Security Centre, Passkeys: they’re not perfect but they’re getting better


Passkeys: They’re Not Perfect, But They’re Getting Better

The National Cyber Security Centre (NCSC) has published a new article on passkeys, discussing their advantages and disadvantages and providing guidance on how to use them securely.

What are passkeys?

Passkeys are a new type of authentication mechanism that is designed to be more secure than traditional passwords. They are based on public-key cryptography, which means that they use a pair of keys to encrypt and decrypt data. The public key is stored on the server, while the private key is stored on the user’s device.

When a user attempts to log in to a website or application that supports passkeys, the server sends the user’s public key to the user’s device. The device then uses the private key to decrypt the public key and generate a shared secret. The shared secret is then used to authenticate the user.

Advantages of passkeys

Passkeys offer a number of advantages over traditional passwords, including:

  • They are more secure than passwords. Passkeys are based on public-key cryptography, which is a very secure encryption method. This makes it much more difficult for attackers to steal or crack passkeys than it is to steal or crack passwords.
  • They are easier to use than passwords. Passkeys can be stored on a user’s device, such as a smartphone or laptop. This means that users do not have to remember multiple passwords for different websites and applications.
  • They are more resistant to phishing attacks. Phishing attacks are attempts to trick users into revealing their passwords or other sensitive information. Passkeys are not susceptible to phishing attacks because they are not stored on the server.

Disadvantages of passkeys

Passkeys are not perfect, and they do have some disadvantages, including:

  • They are not yet widely supported. Passkeys are a relatively new technology, and they are not yet supported by all websites and applications.
  • They can be difficult to recover if lost. If a user loses their device or forgets their passkey, they may not be able to recover access to their accounts.
  • They can be inconvenient to use. Passkeys require a compatible device, and they may not be as convenient to use as traditional passwords in all situations.

How to use passkeys securely

The NCSC recommends the following tips for using passkeys securely:

  • Use a strong passkey. Your passkey should be at least 6 characters long and contain a mix of uppercase and lowercase letters, numbers, and symbols.
  • Keep your passkey secret. Do not share your passkey with anyone, and do not store it in an insecure location.
  • Use a different passkey for each account. This will help to protect your accounts from being compromised if one of your passkeys is stolen.
  • Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your accounts by requiring you to enter a second factor, such as a code sent to your phone, when you log in.

Conclusion

Passkeys are a new and promising technology that has the potential to make online authentication more secure. However, they are not perfect, and they have some disadvantages. It is important to weigh the advantages and disadvantages carefully before deciding whether to use passkeys.

Additional resources


Passkeys: they’re not perfect but they’re getting better

The AI has provided us with the news.

I’ve asked Google Gemini the following question, and here’s its response.

UK National Cyber Security Centre published a new article on 2025-01-14 15:41 titled “Passkeys: they’re not perfect but they’re getting better”. Please write a detailed article on this news item, including any relevant information. Answers should be in English.

