Passkeys replacing Passwords

  • Thread starter Thread starter jedishrfu
  • Start date Start date
Click For Summary
SUMMARY

Passkeys are emerging as a superior alternative to traditional passwords for secure authentication on websites, driven by major tech companies like Google, Microsoft, and Apple. The FIDO Alliance has been advocating for this password-less future for over a decade, emphasizing the need to reduce reliance on passwords. Passkeys are integrated at the operating system level, enhancing security and user experience, although users on Linux can still utilize passkeys through SSH key management. The discussion highlights skepticism regarding the advantages of passkeys over established password management practices.

PREREQUISITES
  • Understanding of passkey technology and its implementation
  • Familiarity with the FIDO Alliance and its objectives
  • Knowledge of SSH key management on Unix-like systems
  • Basic concepts of cybersecurity and password management
NEXT STEPS
  • Research the FIDO2 standard and its role in passkey implementation
  • Explore how to implement passkeys in web applications using WebAuthn
  • Learn about the security implications of using passkeys versus password managers
  • Investigate the integration of passkeys in various operating systems, including Linux
USEFUL FOR

Cybersecurity professionals, web developers, IT administrators, and anyone interested in modern authentication methods and improving online security practices.

jedishrfu
Mentor
Insights Author
Messages
15,611
Reaction score
10,388
TL;DR
Passkeys are replacing passwords as a better means of secure signing to web sites.
https://www.wired.com/story/what-is-a-passkey-and-how-to-use-them/

PASSWORDS SUCK. THEY'RE hard to remember, but worse is playing the ever-evolving game of cybersecurity whack-a-mole with your most important accounts. That’s where passkeys come into play. The so-called “war on passwords” has taken off over the past two years, with titans like Google, Microsoft, and Apple pushing for a password-less future that the FIDO Alliance (a consortium made to “help reduce the world’s over-reliance on passwords”) has been trying to realize for over a decade.
...
{/quote]
 
Computer science news on Phys.org
jedishrfu said:
TL;DR Summary: Passkeys are replacing passwords as a better means of secure signing to web sites.

https://www.wired.com/story/what-is-a-passkey-and-how-to-use-them/
I really don’t find my passwords that hard to remember. I use a pattern which can be varied endlessly. I use a little stronger one on my e-mail as that’s where all the passwords to various sites can be reset.

Apropos not much:

Paasword Strength
 
Last edited:
This made me laugh:
Passkeys are broadly integrated at an operating system level. If you’re using an OS that doesn’t natively support passkeys—i.e., Linux—you can still use them.
Linux has been using SSH for decades with that same principle, securing practically all the servers of the internet:
https://en.wikipedia.org/wiki/Secure_Shell#Authentication:_OpenSSH_key_management said:

Authentication: OpenSSH key management​

On Unix-like systems, the list of authorized public keys is typically stored in the home directory of the user that is allowed to log in remotely, in the file ~/.ssh/authorized_keys. This file is respected by SSH only if it is not writable by anything apart from the owner and root. When the public key is present on the remote end and the matching private key is present on the local end, typing in the password is no longer required. However, for additional security the private key itself can be locked with a passphrase.
But GAFAM has to invent some other way to do the same thing.

I still fail to see any serious advantage over the use of a password manager with random passwords.
 
Reply
  • Like
Likes   Reactions: PeroK

Similar threads

Current and Future AI Threats to Humanity and the Human Response
  • · Replies 10 ·
Replies
10
Views
5K
Part of the starting of my sci-fi stories
  • · Replies 12 ·
Replies
12
Views
5K
Three new books to read about expertise vs. democracy
  • · Replies 4 ·
Replies
4
Views
3K
News Should the US intervene in world problems?
  • · Replies 29 ·
Replies
29
Views
10K
Is Humanity Ready to Play God in Gattaca's Genetic Engineering Debate?
  • · Replies 5 ·
Replies
5
Views
5K
News Energy Policy Initiatives - They Suck
  • · Replies 22 ·
Replies
22
Views
4K
Graduate BRS: PKI Cryptosystems for SA/Ms: A Tutorial
  • · Replies 13 ·
Replies
13
Views
4K
News Downing Street - New memos released
  • · Replies 2 ·
Replies
2
Views
3K
Graduate How Do Various Theories Define Information Through Entropy?
  • · Replies 13 ·
Replies
13
Views
10K