New Developer Tools Are Necessary to Boost Passkey Adoption

The password-less technology known as passkeys are esoteric, far from widely adopted, and confusing for consumers.
Based on the WebAuthn standard created by the World Wide Web Consortium and the FIDO Alliance - and jointly supported by Apple, Google, and Microsoft - passkeys are a way of signing into services without passwords using device-based authentication and public-key encryption.
To really change the landscape smaller sites - and their developers - have to adopt passkeys as well, says Anna Pobletts, head of passwordless technology at 1Password, a password-management firm.
With developer services and toolkits rolling out and a maturing infrastructure, passkeys look ready to fully move mainstream in 2024, if mostly for consumer use.
While Apple, Google, and Microsoft already support passkeys in some of their services, Google released its Credential Manager for Android in November to support passkeys across different identity ecosystems, such as 1Password and Enpass.
Some major sites have recently added passkeys - including Amazon and WhatsApp in October - joining dozens of other major e-commerce sites and cloud services - such as Adobe, BestBuy, Ebay, Roblox, and Zoho - to support the technology.
The exact number of web sites and apps that supports passkeys is in flux.
Passkeys.io lists 18 major sites that support passkeys, including brandnames such as Google, WhatsApps, Microsoft, and Amazon.
More Security, But Hard to Implement Passkeys use public key cryptography to exchange and validate a secret, through a mechanism defined by the WebAuthn standard, relying on a device's own security capabilities - or those of a hardware key - to authenticate the user and pass that information to the website.
When a passkey is generated, the user's device stores a private key and sends a public key to the web site, which saves the key during registgration.
The benefit of passkeys over WebAuthn tokens is that passkeys can be synced across a single ecosystem: Any device that uses Apple's iCloud Keychain, for example, could log in using the same set of passkeys, and any device that has 1Password's password-vault application installed could use passkeys saved to that ecosystem across platforms.
Making all this not only easy for people to use, but for developers to implement is critical, says Stytch's McGinley-Stempel.
Overall, 83% of developers are currently working on implementing passkeys for a customer and 68% have personally used passkeys for work, according to the Developers Survey 2024 published by identity management provider Bitwarden.
Understandable, considering that the number of successful logins goes up and the number of password resets goes down when using passkeys.
While authentication infrastructure providers like Stytch are aiming to simplify the move to passkeys for developers, identity providers - such as BitWarden and 1Password - are also providing tools to interface with different passkey ecosystems, including their own.
If tools can make implementing passkeys simpler, then developer and website owners can benefit from the easier security mechanism, says Gary Orenstein, chief customer officer at Bitwarden.
In addition to toolmakers, all the major platforms are offering guidance to developers about how they should implement passkeys.
Similar to anything new it will take time for people to get use to passkeys, says Arnar Birgisson, a software engineer with Google.
Google has prompted its users to make passkeys the default method of logging into its services.
The response has been overwhelmingly positive, with more than 60% reporting passkeys are easier to use than traditional login methods, Birgisson says.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 11 Jan 2024 13:40:15 +0000


Cyber News related to New Developer Tools Are Necessary to Boost Passkey Adoption

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication - While online accounts are increasingly protected by passkey technology, it turns out that many banking, e-commerce, social media, website domain name administration, software development platforms, cloud accounts, and more can still be compromised ...
5 months ago Darkreading.com
Getting Started With Passkeys, One Service at a Time - In addition to the major three technology firms supporting passkeys - Apple, Google and Microsoft - third-party password providers, such as 1Password and Bitwarden, implemented their own support for managing the credentials. Overall, more than 7 ...
11 months ago Darkreading.com
Stytch offers toolkit for developers to build, implement, and customize passkey-based authentication - Stytch announced its Passkeys offering, giving developers the easiest way to build, customize and maintain passkey-based authentication in their applications. Stytch's new solution offers a flexible, API-first approach to passkeys that abstracts the ...
1 year ago Helpnetsecurity.com
8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
New Developer Tools Are Necessary to Boost Passkey Adoption - The password-less technology known as passkeys are esoteric, far from widely adopted, and confusing for consumers. Based on the WebAuthn standard created by the World Wide Web Consortium and the FIDO Alliance - and jointly supported by Apple, Google, ...
11 months ago Darkreading.com
How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
1 year ago Techrepublic.com
How To Start Using Passkeys? - To embark on this journey of enhanced protection, the initial step is to comprehend the essence of passkeys and their pivotal role in safeguarding your digital assets. The process kicks off with selecting a robust and unique passkey that serves as ...
11 months ago Hackersonlineclub.com
Aim Security Raises $10M to Secure Generative AI Enterprise Adoption - PRESS RELEASE. TEL AVIV, Israel-(BUSINESS WIRE)-Aim Security, an Israeli cybersecurity startup offering enterprises a holistic, one-stop shop GenAI security platform, today announced $10 million in seed funding. Aim Security was founded by ...
10 months ago Darkreading.com
WebAuthn Conditional UI - Despite its recent introduction and ongoing adoption by browsers, there's a noticeable gap in technical documentation and implementation advice for Conditional UI. This article aims to bridge that gap by explaining what Conditional UI is, how it ...
1 year ago Feeds.dzone.com
Shift-left Convergence with Generative AI Improves the Programmer's Role - The ongoing 'shift left' movement in software development - where testing and quality control measures are moved earlier in the application lifecycle - is pushing developers into less familiar areas such as security. While intended to deliver more ...
10 months ago Feedpress.me
X Launches Secure Login with Passkey for iOS Users in US - X is set to allow users to login in with a passkey rather than a password, but only on iOS devices. X earlier announced its intention to roll out passwordless technology, and it has now made the option available to iPhone customers. It enables a ...
10 months ago Cysecurity.news
Part 2: Smart Shift Left - In my previous blog post, we discussed the state of the union for shift left and and how many organizations are not implementing correctly. Recognizing the consequences of a poor shift left model. Many of the high friction points with a poor shift ...
9 months ago Feedpress.me
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
7 months ago
Bitwarden: how to create and use Passkeys to sign in - They can use a master password and improve security by adding a two-factor authentication option to the process. A private part of it never leaves the device, which means that all standard password attacks don't work against passkeys. I used the ...
11 months ago Ghacks.net
7 Best Vulnerability Scanning Tools & Software - Vulnerability scanning tools scan assets to identify missing patches, misconfigurations, exposed application vulnerabilities, and other security issues to be remediated. To help you select the best fitting vulnerability scanning solution, we've ...
11 months ago Esecurityplanet.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
1 year ago Csoonline.com
Bitwarden adds passkey support to log into web password vaults - The open-source Bitwarden password manager has announced that all users can now log into their web vaults using a passkey instead of the standard username and password pairs. Passkeys are the more secure alternative to the passwords that most people ...
11 months ago Bleepingcomputer.com
New Bluetooth Vulnerability Leak Your Passcode to Hackers During Pairing - To mitigate this risk, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if a peer’s public key X coordinate matches that of the local device, except when a debug key is used. This vulnerability, known as ...
2 months ago Cybersecuritynews.com
New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing - The vulnerability, CVE-2020-26558, is found in devices supporting the Passkey Entry association model in various Bluetooth Core Specifications, ranging from version 2.1 to 5.4. It affects BR/EDR Secure Simple Pairing and LE Secure Connections Pairing ...
2 months ago Gbhackers.com
Top Security Trends and Predictions for 2024 - Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics, give us unique visibility into trends in mobile security. First, let's talk ...
1 year ago Securityboulevard.com
CVE-2020-26558 - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public ...
2 years ago
CVE-2022-25836 - Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing ...
2 years ago
How software engineering will evolve in 2024 - From artificial intelligence and digital twin technologies, to platform engineering rooted in devops principles, to chaos engineering techniques that enhance resilience, to the expanded use of internal developer portals that boost productivity, ...
11 months ago Infoworld.com
2023 Cloud Security Report - Security concerns remain a critical barrier to cloud adoption, showing little signs of improvement in the perception of cloud security professionals. Cloud adoption is further inhibited by a number of related challenges that prevent the faster and ...
1 year ago Cybersecurity-insiders.com
Developers behaving badly: Why holistic AppSec is key - A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and bad developer security are all culminating to seriously expand security risks across software development. Add in the explosion ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)