ao link
Business Reporter
Business Reporter
Business Reporter
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs
Search Business Report
My Account
Remember Login
Register|Reset Password
My Account
Remember Login
Register|Reset Password
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs

Passkeys: a secure solution to replace passwords forever

Technology
Sponsored by Yubico
Linked InTwitterFacebook

 

As more of our personal and working lives move online, we’re all using a bigger range of online services, meaning more pressure to create and remember passwords. Often, these passwords are shared across business and personal devices, so a breach in an individual’s life outside work can cause havoc for their employer, too.

 

Obvious passwords are all too easy for hackers to uncover, and users’ tendency to duplicate these across multiple sites means criminals can gain access to someone’s entire online activity from finding out just one password. In fact, according to Security.org, 68 per cent of people use the same password for all of their accounts. More difficult passwords, meanwhile, will be more secure and harder to guess – but run the risk of being forgotten, leading to users being locked out of accounts altogether. For businesses, passwords are inherently risky, not least because of the growing threat of phishing, where users are tricked into providing login credentials to criminals.

 

An increasingly popular, and inherently more secure, option is passkeys. “Passkeys use cryptography to create digital keys which protect your accounts from attacks such as phishing and credential stuffing”, says Christopher Harrell, Chief Technology Officer at Yubico, a leading provider of multi-factor authentication. “Passkeys are built to replace passwords, and create a much more secure and usable experience. They are stored on a device such as your smartphone or on a physical security key. Instead of a website asking for you to type your password to log in, you’ll confirm your identity via a passkey.”

 

Each passkey is a keypair consisting of a public key and a private key, adds Harrell. “The public key is stored by a website or service, while the private key remains on your device,” he says. “Successful authentication relies on proving possession of the private key in a way that the service with the public key can verify.” Crucially, passkeys are phishing-resistant and can’t be stolen or intercepted during use and, as each one is linked to a specific website or app, passkeys prevent credential attacks by phishing sites.

 

It’s important that businesses and individuals understand the different forms of passkey that are available, to make an informed choice about what approach is best for them. Syncable passkeys, offered by platforms such as Apple and Google, can be shared among smartphones, tablets, laptops or desktops. These are primarily meant for lower assurance scenarios, to help people move away from phishing-prone passwords. “In the event of a lost device, syncable passkeys can make account recovery easier if the user has another device that works with the cloud-syncing service they used and remembers the recovery credentials,” points out Harrell.

 

The ultimate protection comes from hardware-bound passkeys, such as Yubico’s YubiKeys, where a passkey stays on one physical device. “They are a benefit for organisations and higher-risk individuals because they provide the highest levels of assurance and are easy to understand and build systems around: no device, no access,” says Harrell.“Syncable passkeys can be convenient but that comes at a cost. If the passkey recovery mechanisms aren’t phishing-resistant then attackers will shift their phishing efforts to those.”

 

Despite the growing availability of passkeys, public awareness still has some way to go. More than half ­– 59 per cent ­– of business accounts are still authenticated using username and passwords, according to Yubico’s State of Global Enterprise Authentication Survey. Meanwhile, 22 per cent of employees still believe usernames and passwords are actually the most secure way to authenticate, although 61 per cent of employees and 79 per cent of senior leaders believe their organisations need to upgrade to more modern phishing-resistant forms of multi-factor authentication, such as hardware security keys.

 

The profile of passkeys is set to grow in the coming years, with major operating systems now starting to support fully password-less options, and incorporating security-focused hardware into their designs. Mainstream services are incorporating support for passkeys as a method to authenticate into accounts. Google recently announced that it will make passkeys the default sign-in method for all users on its Android or Chrome platforms. Passkeys can also be used to secure Apple ID and iCloud accounts, and Amazon has enabled support for passkeys for accessing Amazon and AWS accounts.

 

Harrell is hopeful that such efforts will help to improve security for businesses and consumers, and ultimately reduce the risk of companies and individuals falling victim to cyber-criminals. “As passkeys continue to gain momentum around the world, we’ll see the advantages and the differing levels of security available continue to become widely accepted and understood,” he predicts.

To find out more about Yubico and how the YubiKey can protect your online accounts, please visit yubico.com

Sponsored by Yubico
Digital Economy
Linked InTwitterFacebook

Most Viewed

Business Reporter

23-29 Hendon Lane, London, N3 1RT

23-29 Hendon Lane, London, N3 1RT

020 8349 4363

Cookie Policy
Terms of Business
17 Global Goals
Campaign Schedule
Lead Generation Media Kit
Sustainability Report
Contact Us
Privacy Policy
Terms and Conditions
Breakfast Briefing Media Kit
Media Kit
BR Studio
Content Guide
Traffic Drivers
Case Study

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543

We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
Cookie Settings

Join the Business Reporter community today and get access to all our newsletters, and our full library of talk show episodes

Join the Business Reporter community today and get access to all our newsletters, and our full library of talk show episodes

Join free today
Join Business Reporter