What Are Passkeys? A User-Friendly Authentication Weapon in the Battle Against Phishing


As technology evolves, so does the need for more secure and user-friendly authentication methods. Passkeys, based on industry standards for account authentication, offer a simple and secure way to sign in to apps and websites across platforms without the need for passwords.

We’ll explore what passkeys are, how they work, and why they’re an excellent alternative to traditional passwords.

Streamlined Sign-In Experience

Passkeys provide a quick and easy one-step account creation and sign-in process using Face ID or Touch ID. There’s no need to create or manage passwords, making the sign-in experience hassle-free. With passkeys synced through iCloud Keychain, they’re available across all Apple devices, and you can even use your iPhone to sign in to apps and websites on non-Apple devices.

Next-Generation Account Security

Passkeys are based on FIDO Alliance and W3C standards, replacing passwords with cryptographic key pairs that significantly enhance security:

– Strong Credentials: Passkeys are inherently strong and never guessable, reused, or weak.

– Safe from Server Leaks: Servers only store public keys, making them less attractive targets for hackers.

– Safe from Phishing: Passkeys are intrinsically linked to the app or website they were created for, preventing users from being tricked into signing in to fraudulent apps or websites.

Furthermore, passkeys stored in iCloud Keychain are end-to-end encrypted, ensuring a strong, private relationship between users and your app or website.

Seamless Integration with Passwords

Signing in with passkeys uses AutoFill and Face ID or Touch ID for biometric verification, allowing for a seamless transition to passkeys. Users can continue using passkeys alongside passwords without any adjustments to the sign-in page based on credential type. The new Authentication Services API enables developers to add passkeys and create familiar sign-in flows for users.

A User-Friendly Solution for Enhanced Security

Passkeys have emerged as a powerful tool in the fight against phishing attacks, offering a user-friendly authentication method that prioritizes security. By replacing traditional passwords with cryptographic key pairs, passkeys provide a secure and simplified sign-in experience that keeps users’ information safe from potential threats.
In addition to being easy to use, passkeys are intrinsically linked to the app or website they were created for, which means users cannot be tricked into signing in to fraudulent apps or websites. This unique feature makes passkeys an effective defense against phishing attacks, ensuring a safer online experience for users across various platforms.

 Services Supporting Passkeys

A growing number of popular services are embracing the use of passkeys for secure and user-friendly authentication. Here’s a list of some notable services that currently support passkeys:

– Google
– PayPal
– Cloudflare
– Shopify
– Kayak
– Yahoo! Japan
– NTT DOCOMO
– CVS Health
– Hyatt
– Instacart
– Robinhood
– Mercari

As more services adopt passkeys, users can enjoy a seamless and secure sign-in experience across various platforms without the need for traditional passwords.


iOS Triangulation: A New Cyberattack Threatening iOS Users

Kaspersky’s CEO recently revealed a new cyberattack against iOS devices called Triangulation. The attack has already infected several dozen iPhones, including those of Kaspersky employees.

The Triangulation Attack

Triangulation is a cyberattack that targets iOS devices, specifically iPhones. It begins with an iMessage containing a malicious attachment. Once the attachment is received, it exploits a number of vulnerabilities in the iOS system to install spyware on the device, all without requiring any user action.

The spyware then proceeds to transmit private information to remote servers. This includes:

a) Microphone recordings,

b)Photos from instant messengers,

c) Geolocation data,

d) Information about various other activities.


The extent of the data breach and the potential impact on users’ privacy is significant.

Kaspersky’s Response

Upon discovering the Triangulation attack, Kaspersky took swift action to neutralize the threat. The company’s business processes and user data remain unaffected, and operations are continuing as normal. Kaspersky is confident that it was not the main target of this cyberattack and anticipates further details on the worldwide proliferation of the spyware in the coming days.

Russia Accuses NSA of Attacks

In a statement that coincides with Kaspersky’s report, Russia’s FSB intelligence and security agency has accused Apple of deliberately providing the NSA with a backdoor to infect iPhones in Russia with spyware. The FSB claims to have discovered malware infections on thousands of Apple iPhones belonging to Russian government officials and staff from the embassies of Israel, China, and several NATO member nations in Russia. However, the FSB has not provided any proof to support these allegations.

The Russian state has previously recommended that all presidential administration employees and members switch from using Apple iPhones and, if possible, give up American-made technology entirely.

Kaspersky’s Findings and FSB’s Report

Kaspersky confirmed to BleepingComputer that the attack impacted its headquarters office in Moscow and employees in other countries. However, the company stated it is in no position to verify a link between its findings and the FSB’s report, as they do not have the technical details of the government’s investigation.

Despite this, Russia’s CERT released an alert linking the FSB’s statement to Kaspersky’s report on the Triangulation cyberattack.

One Week Until WWDC23 – Get Ready to Code New Worlds.

The excitement is building as we’re just one week away from Apple’s Worldwide Developers Conference (WWDC) 23, taking place from June 5th to 9th.

This annual event is a highly anticipated gathering of developers, tech enthusiasts, and Apple fans who come together to learn about the latest advancements in software and technology. This year, the event promises to inspire developers to “code new worlds” and push the boundaries of innovation.

Could this be a subtle hint for developers to prepare for a new Mixed Reality (MR) headset?

The intriguing theme of “code new worlds” has sparked speculation among the tech community. Some believe that it could be a subtle hint from Apple, suggesting the introduction of a new Mixed Reality (MR) headset at the event. If true, this would open up a whole new realm of possibilities for developers to create immersive and groundbreaking experiences, combining the best of both virtual and augmented reality.

While there is no official confirmation from Apple regarding the launch of an MR headset, the prospect of such a device has been a topic of discussion and rumors for quite some time. With WWDC23 just around the corner, anticipation is high, and developers are eager to see what new tools and technologies Apple will unveil to help them create these “new worlds.”

Will Apple catch up in the AI race or risk being left behind?

Another area of interest for developers and tech enthusiasts is Apple’s position in the rapidly evolving field of Artificial Intelligence (AI). While Apple has made significant strides in AI with its Siri voice assistant and machine learning capabilities on iOS devices, many feel that the company is lagging behind competitors like Microsoft and Google in the AI race.

As WWDC23 approaches, many are curious to see if Apple will announce any significant advancements in AI, allowing them to catch up with their competitors, or if they risk falling further behind. With the theme of “code new worlds,” it’s possible that Apple may surprise us with innovative AI-driven technologies that could change the game and keep them at the forefront of the tech industry.

Apple’s Dedication to AI: Hiring Generative AI Experts and Impact on OpenAI

In addition to the potential unveiling of an MR headset, Apple’s growing efforts in the field of Artificial Intelligence (AI) are worth noting. The company has recently started hiring at least a dozen new experts in generative AI, seeking machine learning specialists for various teams. This hiring spree indicates Apple’s commitment to advancing its AI capabilities and could have a significant impact on the announcements made during WWDC23.

But make no mistake, Apple is making money with AI, and its infamous 30% cut, known as the “Apple Tax,” is also making headlines in the AI space, costing OpenAI millions. OpenAI’s ChatGPT Plus subscription, priced at $20 per month for iOS users, is subject to this fee, with Apple taking $6 from each subscription. This move highlights the ongoing debate surrounding Apple’s revenue-sharing policies and their impact on innovation in the tech industry.

Will Apple’s WWDC23 satisfy the expectations of fans and investors?

Let’s keep our hopes high!

Published
Categorized as AI, WWDC Tagged ,

The Cheapest Way to Use Chat GPT-4 on MAC

OpenAI’s most famous and revolutionary product, ChatGPT Plus, comes with a price tag of $20 per month, granting you access to both GPT-4 and GPT-3.5, with this features:

-Available even when demand is high

-Faster response speed

-Priority access to new features

This subscription provides you with more than enough chats per month; however, there are certain restrictions for GPT-4 (GPT-4 currently has a cap of 25 messages every 3 hours).

Nonetheless, if you have an application that allows you to use your own API, you will pay as you go and not only will it be more cost-effective, but you will also be able to use GPT-4 with fewer limitations.

Pricing:

Show full article

Unlocking ChatGPT’s Potential on iOS through OpenAI API: Forget about Expensive Subscriptions!

If you’re interested in using ChatGPT-4 on your iPhone, you have several options:

Opting for a costly subscription (ChatGPT or iOS apps that provide access to ChatGPT-4)

Utilizing GPT-3.5, which is available for free, either via OpenAI´s website or through third-party apps (e.g., Poe.com)

Employing OpenAI’s API, which grants access to GPT-3.5 by default, but allows you to join the waiting list for GPT-4 (Good luck with that, as some people wait weeks or months, while a lucky few only wait days)

Show full article