While Big Tech's idea of the end of passwords was an issue on the agenda, it was still far from becoming a reality. Other alternatives were developed, such as: pushes, OAUTH single-sign ons and trusted platform modules. However, they were the ones that presented safety problems that arose during use. On the other hand, recently a new alternative called keys of access and it is about them that we will talk in the text. Check out!
Read more: Cryptography
see more
Replaced by ChatGPT at work, woman spends three months…
Towards artificial intelligence: Apple plans to integrate chatbot in…
Understand how access keys work
Access keys are a way of storing access authorizations in hardware, a concept that is not new. The big developer companies (Microsoft, Apple, Google and a consortium of other companies) have come together in a new standard called singlepasskey shepherded by the FIDO Alliance. By using access keys, in addition to facilitating access, it ensures more security against account takeover attacks. This alternative is already in use in some companies. This week PayPal announced that US users can use it.
Keys are invisible and integrate with Face ID, Windows Hello and other biometric readers. However, the systems are still being updated so that the keys can be used both on the iOS or mac system and on Windows.
Advantages of keys
This is a secure system, as only opening the device physically or subjecting it to a jailbreak attack can obtain some encrypted information. And even then it is necessary to present fingerprint, facial scan or token PIN. Another positive point for security is that the authentication flow between FIDO devices depends on the Bluetooth Low Energy, and it checks the proximity of the authenticating device to what it's trying to do Login.
So far there have been few attacks against the system. Passkeys do not rely on a password, they store various authentication factors managed by the device's operating system. In addition to having the possibility to capture encryption from other devices using a cloud service.
Microsoft has announced that it plans to provide sync support in 2023. These are the platforms that support passkey login from a nearby device:
- Edge and Chrome on Windows;
- Edge, Safari and Chrome on macOS;
- ChromeOS.
