NCSC Feed: Passkeys: they’re not perfect but they’re getting better

Source URL: https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better
Source: NCSC Feed

Feedly Summary: Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.

Summary: The text discusses the emergence of passkeys as a secure alternative to traditional account passwords, highlighting their advantages such as resistance to phishing and unique generation for different sites. While passkeys are recognized for their potential security improvements and user convenience, widespread adoption is still hindered by existing challenges, preventing definitive recommendations for their use in all services.

Detailed Description: The text outlines the significance of passkeys in improving online authentication security, providing important insights for professionals in information security and compliance. Here are the key points discussed:

– **Definition of Passkeys**: Passkeys are a modern authentication method designed to replace traditional passwords, addressing critical security issues.
– **Security Advantages**:
    – **Secure Generation**: Unlike passwords, passkeys cannot be easily guessed due to their secure generation process.
    – **Phishing Resistance**: They are not susceptible to phishing attacks, significantly lowering risk for users.
    – **Unique to Each Site**: Each passkey is unique to a specific website, so if one is compromised the breach is contained to that site.
– **User Convenience**: Passkeys reduce the time it takes to authenticate. For instance, Microsoft reports that signing in with passkeys takes an average of only 8 seconds, as opposed to 69 seconds when using traditional passwords with two-factor authentication.
– **Adoption Hesitations**: Despite the benefits of passkeys, the NCSC (National Cyber Security Centre) has not yet fully endorsed them for mass adoption. Its guidance still recommends passwords combined with extra security measures, because of unresolved issues with the current state of passkey technology.
– **Call for Progress**: There is a push for more rapid advancements and collaboration in passkey technology development so that its potential can be fully realized, allowing authorities to confidently recommend these methods for wide use.

Overall, the conversation around passkeys is critical for security professionals as it indicates a shift toward passwordless authentication methods, creates opportunities for user-friendly security implementations, and emphasizes the need for ongoing improvements to ensure safe deployment across diverse platforms.