Articles about Passkeys

The move from passwords to passkeys is making gradual progress, and Google is among the companies pushing to encourage people to make the switch.  Now there are signs that things are being taken up a notch.

Hidden away in the most recent Canary build of Chrome, Google is testing a flag which, when enabled, will automatically convert saved passwords into passkeys when logging into a site or service.

Continue reading →

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Continue reading →

As you'll already know, today is World Passkey Day and the FIDO Alliance has released an independent study of over 1,300 consumers across the US, UK, China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The results are encouraging, they find 74 percent of consumers are aware of passkeys and 69 percent have enabled passkeys on at least one of their accounts.

Continue reading →

The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.

As of last year though there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?

Continue reading →

The next time you sign into your Microsoft account you may well be greeted by a new look. Microsoft has started the roll out of what it is calling a “new sign in experience” as the company uses its Fluent 2 design language to revamp the UI and UX. For better or worse, this is an attempt to create an “unmistakably Microsoft” look and feel.

The changes affect users of Windows, Xbox, Microsoft 365, and more, and Microsoft predicts that the majority of users will see the new look by the end of April. As part of the redesign, users are being given more choice; there is now a dark mode option.

Continue reading →

Embattled social platform TikTok has announced a new Security Checkup tool. It has been designed as a one-stop dashboard where users can check and update all of their account security settings.

The security tool is similar to those provided by the likes of Google and Meta, and it helps to promote the idea of users being proactive in ensuring account security. Importantly, there is a lot of hand-holding to eliminate the feeling of intimidation that some people may otherwise have felt about security issues such as passkeys and two-step verification.

Continue reading →

A new report shows that 87 percent of companies in the US and UK have, or are in the process of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance.

The research from the FIDO Alliance, along with underwriters Axiad, HID, and Thales, finds 47 percent report rolling out a mix of device-bound passkeys on physical security keys and/or cards and passkeys synced securely across the user's devices.

Continue reading →

A new report finds that 80 percent of organizations are using or planning to adopt passkeys, as they offer a significant reduction in risks like phishing and credential stuffing, compared to traditional passwords.

However, the study from Keeper Security also finds that 40 percent of businesses continue to rely on hybrid authentication systems that blend both passwords and passkeys. These hybrid setups are often needed due to the use of legacy systems and specialized applications that have yet to support passkeys.

Continue reading →

With a constant power struggle between attackers and defenders cybersecurity is a fast-moving area. That makes it notoriously hard to predict what might happen, but that doesn't stop us trying. Here are what some industry experts think the cybersecurity world has in store for 2025.

Sasha Gohman, VP, research at Cymulate, thinks ransomware will become obsolete. "Ransomware may become obsolete due to the fact that decrypting your important files may become a feasible task with quantum computing. On the other hand, ransomware operators may then choose to encrypt your important files with quantum-resilient encryption."

Continue reading →

Google has made a move toward a passwordless future by expanding its passkey support to desktop devices. Until now, passkeys could only be saved to Google Password Manager on Android devices, requiring users to scan a QR code from an Android phone to access them on other platforms. However, thanks to a new update, passkeys can now be saved and managed directly on desktop systems running Windows, macOS, and Linux. ChromeOS is also available for testing in the Beta channel.

Passkeys are designed to offer a more secure and user-friendly way of signing in to websites and apps by using biometric methods like fingerprints, facial recognition, or a screen lock instead of traditional passwords. This makes logging in as simple as unlocking your device.

Continue reading →

Fastmail has launched a new feature allowing users to create passkeys for their accounts, promising a faster and more secure authentication method compared to traditional passwords. Passkeys address the inherent weaknesses of passwords by using cryptographic keys that offer several advantages over conventional methods.

Passwords, the standard for online authentication, present challenges such as the difficulty in creating secure passwords and vulnerability to phishing attacks. In contrast, passkeys operate on public key cryptography, where a private key creates a signature and a public key that the website can verify. This method provides security benefits like replay resistance, where each login attempt involves a unique challenge from the website, making passkeys resistant to interception. They are also leak-resistant since only the public key can be compromised without being used to forge a login, and they are phishing-proof as passkeys are inherently tied to the website they were created for.

Continue reading →

Take up of passkeys as a more secure means of accessing websites has been a little disappointing to date, but new research from Dashlane shows that passkeys are starting to gain traction with consumers.

It finds that early passkey adoption is largely being driven by the consumer space, with 'sticky' apps (those used frequently on a daily basis -- including Facebook and X) leading the way.

Continue reading →

The work landscape has changed enormously in recent years with hybrid and remote working now becoming the norm. This makes it harder for businesses to secure their systems as there's no longer a clearly defined network perimeter.

1Password now has an Extended Access Management feature that helps organizations to secure every sign-in to every application from every device.

Continue reading →

Yesterday's coverage of World Password Day sparked some discussion among the BetaNews team about passkeys and how they work.

We figured that if we're confused about them then some of you probably are too, so here's a FAQ look at passkeys, how they work and why you should consider using them.

Continue reading →

Google launched its passkeys initiative on 2022's World Password Day and this year it's marking the day with some new updates.

It’s expanding Cross-Account Protection, an initiative where Google will share security notifications about suspicious events on your Google Account with the non-Google apps and services you use. Doing this will allow the other apps and services connected to your Google Account to use the security information to better protect your other accounts.

Continue reading →