Passkeys: Your Key to Future-Proof Cybersecurity in 2023
By Gautam Tarafdar, COO and Treasurer, Promantus Inc
At the FIDO2 flagship event Authenticate 2023 in Carlsbad, CA, the air was electric with the possibility of a passwordless and secure online future for all netizens. The FIDO2 Alliance promises a transition to a secure online experience, one that doesn’t require users to remember passwords—something many keep stored in unsecured documents and notes. To those who attended the event, the current approach to passwords—and the less-than-secure way we remember them—is too old school, risky, phishable, and hackable. And FIDO has data on their side to prove it.
During the course of events, Microsoft shared that there are up to 4,000 attacks every second on their website from bad actors, a staggering total of nearly 345 million attempts per day. In response, Microsoft has stepped up and made their new operating system completely passwordless. Truly a sign of changing times.
Online Phishing and the Army of Bots
The biggest challenge is that hackers use the latest technology like AI to prey upon those who use passwords to protect their banking accounts, websites, and private information. What’s particularly worrisome is that these malicious actors are launching attacks on large corporations resulting in rampant data breaches. Once a website is hacked, user data including usernames and passwords becomes publicly available. With over 50% of users reusing passwords, these attackers employ bots to gain unauthorized access across multiple platforms.
Now, all these bad actors have to do is run bots on multiple websites using your username-password combination. Once they get a hit, they’re in. Depending on what website or app they get access to, they can cause a load of inconvenience and possible financial loss to you. So as a warning to all, avoid reusing passwords and rely on strong password standards recommended by websites.
Moving Beyond Complex Password Combinations
In response to these threats, many experts advise using strong passwords and not reusing them for different websites. However, this raises another important question: how are you going to remember these 100+ passwords assuming you keep your username the same?
This is where an industry has cropped up and promises to keep your passwords safe in a single collection—otherwise known as passkeys. Many of these providers also offer services to keep your sensitive documents and contracts safe in a vault. Passkeys can provide you with a sense of security in a future that does not rely on passwords.
The Passwordless Revolution
Passkeys redefine authentication, moving beyond the limitations of traditional passwords. They might be something you’ve already used in finance apps like Mint, which uses face ID or touch ID for authentication. Authentication could also be done using voice, iris scan, or a physical security key; saving you from the risk of data breach and the hassles of saving passwords.
But how does this solution work? A passkey system generates a cryptographic key pair, consisting of a “public” key held by the website and a “private” key held by the user. When a user attempts to access a website, an encrypted message is sent using the public key. Only the private key can decrypt a message encrypted with the public key, thus confirming the user’s identity. The uniqueness of key pairs for each website eliminates the risk of falling prey to phishing sites impersonating trusted organizations. Passkeys also synchronize across devices, providing enhanced availability and recovery options.
Paving the way for a Passkey Future
So if this is so simple and secure, why aren’t we seeing widespread adoption? While it was developed to protect consumers, they’re generally not aware of its benefits. More importantly, the ecosystem has not developed a mechanism to get passkeys to a price point that’s appealing enough for people to subscribe to it.
The goal now is to shift focus to the corporate sector, to companies with deeper pockets for cybersecurity that want to avoid the public embarrassment and fallout of a hack. And for good reason too. Each hack costs corporations approximately $15 million, not to mention the PR nightmare and loss of consumer confidence.
Eminent technology giants like Google, Microsoft, and Apple, alongside other industry leaders such as Amazon, PayPal, and TikTok, are driving the passkey revolution. The FIDO Alliance announced that over 52% of users found passkeys to be a better solution than passwords in 2023. Rachel Tobac, ethical hacker and security expert, cautioned us as consumers to be ‘politely paranoid’.
Mitigate Risk with Promantus Inc
We recognize the above-mentioned barrier of not being able to afford a cybersecurity program because of high costs. We’ve got a solution for you. A well-documented, efficient, and economical cybersecurity program is becoming increasingly vital for businesses of all scales and sizes. And Promantus Inc can help.
Our approach follows the NIST Cyber Security Framework - IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER - to handle Cyber Operations. Reach out at www.promantus.com and our team will lead you towards a tailored solution that aligns with your unique business needs.