Welcome to the First Column IT Tech Blog

HomeBlog
There’s Been Another Step Towards Passwordless Authentication

There’s Been Another Step Towards Passwordless Authentication

January 27, 2023

While at the moment, passwords are an important part of your security stack, it is important to acknowledge that the concept of the password was always a flawed system and is overdue to be replaced. This may become a widespread reality sooner than you may expect, too, especially with the buy-in that the big names in tech are demonstrating.

Let’s consider a recent step that one of these big names recently took that shows particular promise for a passwordless future.

Enter the Passkey, and Google’s Embrace of It

The concept of a passkey is a simple one—basically, it’s another stored credential, but in this case, it is stored on the device and is exchanged with the website directly. This way, all obligations for the user to remember any credentials is eliminated.

The passkey is, on almost all counts, a superior means of authentication—and it’s all because it eliminates the need for a password text box at all. Instead of relying on the user to provide a form of authentication, passkeys are automatically generated and are inherently more secure than any user-generated form of authentication.

The trouble is, in order for passkeys to work, support for them will need to become standard. As in, every website, every browser, and every password manager will need to implement them. In addition to this, passkeys will require the user to have their phone handy and to use a Bluetooth connection to allow the phone to talk to the device in use. This localization, while helping protect your accounts, will also eliminate the capability of most desktops to utilize it.

Google, and Many Others, are Enthusiastic about Passkeys

Apple, Google, the FIDO Alliance, and Microsoft have all put their support behind the idea, with Google launching betas on both Chrome and Android, and iOS version 16 implementing it.

Google’s beta—which you can sign up for through Play Services—allows you to create passkeys on your Android devices, and passkeys are now supported in Chrome Canary, with more stable versions promised soon.

Google’s plan is to utilize its Password Manager to store these passkeys. The mobile device will have the user pick the correct account, then use a biometric proof to authenticate their identity. The phone will send over the authentication via Bluetooth, the browser sends the passkey to the website, and you’re in. Of course, if you’re actively logging in to something on your phone, the Bluetooth step is skipped.

We look forward to seeing how this technology develops and the prospect of using it as a means of potentially simplifying user authentication, without shortchanging security as a result. While there’s still some work to be done, the promise is there. In the meantime, reach out to us at (571) 470-5594 to find out how we can help you manage your current cybersecurity and user authentication needs.

Previous Post
September 6, 2024
Three Ways SMBs Combat Mobile Malware
Mobile malware might not have a lot of attention on it, but it can be a significant problem for organizations that rely on smartphones. This goes double for small businesses that typically don’t have the large teams and big budgets for their mobile strategies that include devices, data and phone plans, and security controls. Today, we’ll look at mobile malware and how an organization with a limited budget can keep it from impacting its business.
September 4, 2024
You Should Be Aware of These Two Productivity Pitfalls
Technology has empowered us to achieve more than ever, but with that progress comes increased expectations for everyone. This means greater productivity, and the pressure to perform can be relentless at times, making it crucial to find efficient ways to manage our tasks. Unfortunately, there is a natural limit to how much we can accomplish, and certain challenges can push us to that limit faster. Today, we want to explore two of the most common productivity pitfalls.
September 2, 2024
Cybersecurity Solutions for Remote and Hybrid Work
Remote work has been a mainstay in most businesses’ standard operating procedures in at least some capacity, but it opens up a nasty can of worms regarding cybersecurity. If cybersecurity is not your top priority, and you have remote or hybrid employees, we need to have a talk—and probably a hard one.

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here