RIP Passwords: Thanks for all the Phish – One Step Closer to a Passwordless Future
Passkeys are the phishing-resistant replacement for passwords developed by the FIDO Alliance. They are a safer, more convenient alternative to passwords.
As the NY Times wrote Apple, Google, and Microsoft are working together to support a new way for people to log in to accounts without using passwords: “Passkeys“.
Wired shares this guide on how to adopt them, and in this article ‘The War on Passwords Enters a Chaotic New Phase‘ they describe how the FIDO Alliance has been making real progress encouraging their adoption.
They report on comments from Christiaan Brand, co-chair of the FIDO2 technical working group and an identity and security product manager at Google, who outlines the challenges ahead for a large-scale adoption of this approach to security that will obviate the entrenched username/password system.
Passkeys
Google’s next step into a passwordless future is here with the announcement that passkeys — a new cryptographic keys solution that requires a preauthenticated device — are coming to Google accounts on all major platforms. Google users can now switch to passkeys and ditch their passwords and two-step verification codes entirely when signing in.
Passkeys are the phishing-resistant replacement for passwords developed by the FIDO Alliance. They are a safer, more convenient alternative to passwords being pushed by Google, Apple, Microsoft, and other tech companies aligned with the FIDO Alliance. They can replace traditional passwords and other sign-in systems like 2FA or SMS verification with a local PIN or a device’s own biometric authentication — such as a fingerprint or Face ID.
This biometric data isn’t shared with Google (or any other third party), and passkeys only exist on your devices, which provides greater security and protection since there’s no password that could be stolen in a phishing attack.
To learn more about passkeys and how to turn a basic form-based username and password sign-in system into one that supports passkeys, check out the documentation on developers.google.com/identity/passkeys.
Vendor Showcase
| HYPR | HYPR fixes the way the world logs in by breaking the trade-off between strong security and consumer-grade user experiences, and their approach replaces password-based MFA with Passwordless MFA. Their HYPR Cloud Platform improves your security posture and enables business growth with multi-factor authentication (MFA) that’s truly passwordless. | |
| 1Password | 1Password is a password manager that lets you create, use, and share passkeys, and lets you securely share your passkeys. Use shared vaults to make passkeys available to co-workers and family members, or use item sharing for short-term access. | |
| Lastpass | LastPass is a password manager application owned by GoTo, which saves your passwords and gives you secure access from every computer and mobile device. The LastPass Authenticator app enables passwordless login to your vault on desktop. In August they announced FIDO2 compatible authenticators as additional options. | |
| Nordpass | All NordPass users now have the ability to store and manage passkeys in NordPass and use them to access apps and websites. NordPass syncs your passkeys across all of your devices as well as operating systems and enables you to safely share passkeys whenever needed. | |
| Ping Identity | In September Ping announced PingOne for Customers Passwordless, a cloud-based passwordless solution that effortlessly caters to all customer identity types, at scale, with minimal setup required. | |
| Dashlane | With Dashlane, you can create and save passkeys to help you manage your online life. Passkeys are included with all Dashlane plans. If you have a Dashlane account, you can start saving and managing passkeys anytime. | |
| Yubico | Yubico offers a range of passwordless solutions, and offer an ebook guide on how to implement Passkeys. | |
| Okta | In October Okta announced support for passkeys in early access as a passwordless authentication method for Okta Customer Identity Cloud, powered by Auth0. | |
| Trusona | The Trusona Authentication Cloud is a passkey-as-a-service platform that quickly gets more customers signed up and signed in to your website while cutting SMS OTP costs. |
Video Library
