Apple, Google and Microsoft Agree Passwordless Future

Three major tech providers have agreed to introduce support for passkey-based login, in line with recommendations of the FIDO Alliance.

Passkeys have been proposed as one possible future after the death of passwords, and would be freshly generated with each biometric login to a registered device to help prevent password theft.

In future, Google Chrome, Microsoft Edge and Apple’s Safari will all facilitate passwordless login as an option – and major tech providers will offer passkey login for important online services including Active Directory and Azure.

Microsoft estimate that around 330,000 people have removed their password from their Microsoft Account in the last six months – with most using Microsoft Authenticator as a kind of passkey instead.

‘Hackers don’t break in, they log in’ is an often-repeated mantra among cybersecurity professionals – reflecting the fact that most online accounts are breached via a normal login attempt, but with stolen credentials.

The FIDO Alliance is the online movement to replace password authentication entirely with single-use passkeys – although the organisation admits there are barriers to entry, including organisations’ cost to develop their own versions of the technology, an unfamiliar user experience, and the reluctance to ‘go first’.

It is hoped that with major tech providers building passkey support into their browsers, many more developers will be able to adopt the new standard to help keep users secure.

 

For Cybersecurity expertise and support, please contact our team today.


Keeping your business IT secure – What’s the perfect password?

How to keep your IT Secure

Data breaches can lead to a massive loss of trust among customers, so how do you ensure your IT remains secure?

Despite what many online sign-up forms would suggest, the ‘strongest’ password is not necessarily long and complicated. Whilst complexity makes a password harder to guess or crack by ‘brute force’ testing of combinations, most security breaches result from passwords being stolen, either physically or through malware attacks.

Very complex passwords do not help in this respect: users still need other IT security, such as antivirus software; errors are more common when typing (particularly on handheld devices); and employees may find complex passwords harder to remember – undermining data security by writing down their login details. The ubiquitous sticky note attached to the monitor is still a trusted solution to working with complex password policies in some organisations!

Routine password changes are a sensible precaution for most businesses, but can make it harder for employees to remember their passwords, leading to the same problem in which users are locked out of work accounts, copy passwords across accounts, or write passwords down at risk of theft.

Phrases can help avoid this problem by making passwords easier to recall: ‘Lineal15theB3st’ is preferable to a 15-digit numeral because a touch of personality adds memorability. Beware profanity though – just imagine trying to explain it to technical support later on!

Here at Lineal we’d also advise against ‘Remember Me’ automated sign-in functions, as well as Windows 10’s new Wi-Fi password sharing feature, ‘Wi-Fi Sense’, as these make your chosen password redundant.

If you want to see where the future of online security is going, follow the money: most online banking incorporates a two-stage authentication process, requiring both a password and a unique alert code texted to the customer’s mobile phone for identification. This is already a free optional setting for Google, Facebook, Twitter and other popular websites.

Lineal’s advice is to stick to the following basics:

Avoid physical theft:

  • Don’t write your passwords down on a post-it note on your desk! Microsoft has a practical tip: if you absolutely must write a password down, do so in a safe place, without labelling it as a password or noting which account it refers to. Substitute words should also be used to hide the true password, for example writing ‘Fruit8£’ could refer to a password of ‘Apple8£’.
  • Don’t use an easily guessed word, such as your name, your company’s name, 1234, the name of something on your desk, the word ‘password’, or anything similarly obvious.
  • Never tell anyone your password, and change your password if you suspect it has been compromised.

Ease of Access:

  • If you struggle to remember your passwords, use a password storage program to store some of them. Remember to use a secure password for the program.
  • Mitigate against your own forgetfulness by setting up alternate password recovery options, allowing you to choose more varied, difficult passwords.
  • Consider where users will need to log in from – take full advantage of using numbers and special characters (!, £, %, * etc.) for keyboard users.

Preventing digital theft:

  • Use different passwords for your most important accounts, such as online banking.
  • Use two-stage authentication.
  • Maintain up-to-date anti-virus security software and firewalls on your work desktops, and don’t download untrusted software or open suspicious emails which could be phishing or contain password-stealing malware.
  • Consult IT specialists to ensure office networks are protected from outside attacks.

Your security should always be strong enough to give peace of mind. Lineal can provide expert advice and support for securing your IT systems: why not get in contact with us here?

Flickr: Jason Baker