What Are Passkeys? A User-Friendly Authentication Weapon in the Battle Against Phishing

As technology evolves, so does the need for more secure and user-friendly authentication methods. Passkeys, based on industry standards for account authentication, offer a simple and secure way to sign in to apps and websites across platforms without the need for passwords.

We’ll explore what passkeys are, how they work, and why they’re an excellent alternative to traditional passwords.

Streamlined Sign-In Experience

Passkeys provide a quick and easy one-step account creation and sign-in process using Face ID or Touch ID. There’s no need to create or manage passwords, making the sign-in experience hassle-free. Passkeys sync through iCloud Keychain, so they’re available across all Apple devices, and you can even use your iPhone to sign in to apps and websites on non-Apple devices.

Next-Generation Account Security

Passkeys are based on FIDO Alliance and W3C standards, replacing passwords with cryptographic key pairs that significantly enhance security:

– Strong Credentials: Passkeys are inherently strong and never guessable, reused, or weak.

– Safe from Server Leaks: Servers only store public keys, making them less attractive targets for hackers.

– Safe from Phishing: Passkeys are intrinsically linked to the app or website they were created for, preventing users from being tricked into signing in to fraudulent apps or websites.

Furthermore, passkeys stored in iCloud Keychain are end-to-end encrypted, ensuring a strong, private relationship between users and your app or website.

Seamless Integration with Passwords

Signing in with passkeys uses AutoFill and Face ID or Touch ID for biometric verification, allowing for a seamless transition to passkeys. Users can continue using passkeys alongside passwords without any adjustments to the sign-in page based on credential type. The new Authentication Services API enables developers to add passkeys and create familiar sign-in flows for users.

A User-Friendly Solution for Enhanced Security

Passkeys have emerged as a powerful tool in the fight against phishing attacks, offering a user-friendly authentication method that prioritizes security. By replacing traditional passwords with cryptographic key pairs, passkeys provide a secure and simplified sign-in experience that keeps users’ information safe from potential threats.

In addition to being easy to use, passkeys are intrinsically linked to the app or website they were created for, which means users cannot be tricked into signing in to fraudulent apps or websites. This unique feature makes passkeys an effective defense against phishing attacks, ensuring a safer online experience for users across various platforms.
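The link between a passkey and its site, described here and under "Safe from Phishing" above, is something the server can check. The following is an added example, not code from Apple or the standards bodies. It shows the origin-binding checks a relying party runs on a WebAuthn sign-in response. The domain names, the challenge and the helper `make_assertion` are constructed for illustration. Signature verification with the stored public key is a separate step that needs an ECDSA library and is not shown.

```python
import base64
import hashlib
import json
import struct

# Assumed relying-party values for illustration (not from the article).
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin, rp_id, challenge, flags=0x05):
    """Constructed stand-in for what the browser and authenticator emit.

    The browser, not the page, writes `origin` into clientDataJSON, and the
    authenticator puts SHA-256(rp_id) at the start of authenticatorData.
    """
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 1)
    return client_data, auth_data

def binding_failures(client_data_json, auth_data, expected_challenge):
    """Return the names of failed checks; an empty list means all passed."""
    failed = []
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        failed.append("type")
    if cd.get("challenge") != b64url(expected_challenge):
        failed.append("challenge")   # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        failed.append("origin")      # assertion was made on another site
    if len(auth_data) < 37:
        return failed + ["authData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failed.append("rpIdHash")    # credential scoped to a different RP ID
    if not auth_data[32] & 0x01:
        failed.append("user-present")
    if not auth_data[32] & 0x04:
        failed.append("user-verified")
    return failed

if __name__ == "__main__":
    ch = b"\x01" * 32  # constructed challenge; a real server uses random bytes
    print(binding_failures(*make_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch))
    print(binding_failures(*make_assertion("https://example-login.test", "example-login.test", ch), ch))
```

A response produced on a look-alike site fails both the `origin` and `rpIdHash` checks, so relaying it to the real server does not sign the user in.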

Services Supporting Passkeys

A growing number of popular services are embracing the use of passkeys for secure and user-friendly authentication. Here’s a list of some notable services that currently support passkeys:

– Google
– PayPal
– Cloudflare
– Shopify
– Kayak
– Yahoo! Japan
– CVS Health
– Hyatt
– Instacart
– Robinhood
– Mercari

As more services adopt passkeys, users can enjoy a seamless and secure sign-in experience across various platforms without the need for traditional passwords.

iOS Triangulation: A New Cyberattack Threatening iOS Users

Kaspersky’s CEO recently revealed a new cyberattack against iOS devices called Triangulation. The attack has already infected several dozen iPhones, including those of Kaspersky employees.

The Triangulation Attack

Triangulation is a cyberattack that targets iOS devices, specifically iPhones. It begins with an iMessage containing a malicious attachment. Once the attachment is received, it exploits a number of vulnerabilities in the iOS system to install spyware on the device, all without requiring any user action.

The spyware then proceeds to transmit private information to remote servers. This includes:

a) Microphone recordings,

b) Photos from instant messengers,

c) Geolocation data,

d) Information about various other activities.

The extent of the data breach and the potential impact on users’ privacy is significant.

Kaspersky’s Response

Upon discovering the Triangulation attack, Kaspersky took swift action to neutralize the threat. The company’s business processes and user data remain unaffected, and operations are continuing as normal. Kaspersky is confident that it was not the main target of this cyberattack and anticipates further details on the worldwide proliferation of the spyware in the coming days.

Russia Accuses NSA of Attacks

In a statement that coincides with Kaspersky’s report, Russia’s FSB intelligence and security agency has accused Apple of deliberately providing the NSA with a backdoor to infect iPhones in Russia with spyware. The FSB claims to have discovered malware infections on thousands of Apple iPhones belonging to Russian government officials and staff from the embassies of Israel, China, and several NATO member nations in Russia. However, the FSB has not provided any proof to support these allegations.

The Russian state has previously recommended that all presidential administration employees and members switch from using Apple iPhones and, if possible, give up American-made technology entirely.

Kaspersky’s Findings and FSB’s Report

Kaspersky confirmed to BleepingComputer that the attack impacted its headquarters office in Moscow and employees in other countries. However, the company stated it is in no position to verify a link between its findings and the FSB’s report, as it does not have the technical details of the government’s investigation.

Despite this, Russia’s CERT released an alert linking the FSB’s statement to Kaspersky’s report on the Triangulation cyberattack.