Rassegna Stampa

LBIT soluzioni informatiche
  • Categorie
  • Creative
    • Design
    • Ilustrazioni
  • Fotografia
  • Web
    • SEO
    • Mobile
    • Social
  • Marketing
  • ICT
  • Security
  • News
    • Economia
    • CRIME E CORRUPTION
  • Autori

Passkey technology is elegant, but it’s most definitely not usable security

 30 Dicembre 2024   News, Security
image_pdfimage_print

Dialog box finally allows the creation of a passkey on a security key.

The dueling dialogs in this example are by no means unique to macOS.

Too many cooks in the kitchen

“Most try to funnel you into a vendor’s sync passkey option, and don’t make it clear how you can use other things,” Brown noted. “Chrome, Apple, Windows, all try to force you to use their synced passkeys by default, and you have to click through prompts to use alternatives.”

Bruce Davie, another software engineer with expertise in authentication, agreed, writing in an October post that the current implementation of passkeys “seems to have failed the ‘make it easy for users’ test, which in my view is the whole point of passkeys.”

In April, Son Nguyen Kim, the product lead for the free Proton Pass password manager, penned a post titled Big Tech passkey implementations are a trap. In it, he complained that passkey implementations to date lock users into the platform they created the credential on.

“If you use Google Chrome as your browser on a Mac, it uses the Apple Keychain feature to store your passkeys,” he wrote. “This means you can’t sync your passkeys to your Chrome profile on other devices.” In an email last month, Kim said users can now override this option and choose to store their passkeys in Chrome. Even then, however, “passkeys created on Chrome on Mac don’t sync to Chrome in iPhone, so the user can’t use it seamlessly on Chrome on their iPhone.”

Other posts reciting similar complaints are here and here.

In short, there are too many cooks in the kitchen, and each one thinks they know the proper way to make pie.

I have put these and other criticisms to the test over the past four months. I have used them on a true heterogeneous environment that includes a MacBook Air, a Lenovo X1 ThinkPad, an iPhone, and a Pixel running Firefox, Chrome, Edge, Safari, and on the phones, a large number of apps, including those for LinkedIn, PayPal, eBay, Kayak, Gmail, Amazon, and Uber. My objective has been to understand how well passkey-based authentication works over the long term, particularly for cross-platform users.

https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

<< 20 Media Executives Offer Their Predictions for 2025 You can love or hate AI, but it’s killed crappy 8GB versions of pricey PCs and Macs >>

Evidenziatore

Cerca

Tag

5G AI apertura apple Articoli attualita' Biz & IT Cars Cybercrime Cybersecurity Dailyletter economia Energia facebook false Finance Gaming & Culture General Google In evidenza Intelligenza Artificiale Internet Leadership & Talent malware Mappamondo Media microsoft News NEWS&INDUSTRY News and Trends Platforms Policy PPC Privacy RSS Science SEO Social media Social Pro Daily space Stocks Tech Telecoms Voice Vulnerabilities

Ricerca avanzata

Related Post

  • Google makes it easier for users to switch on advanced account protection
  • It’s a hot 0-day summer for Apple, Google, and Microsoft security fixes
  • Google Workspace Gets Passkey Authentication
  • Passkeys may not be for you, but they are safe and easy—here’s why
  • Passwordless Google accounts are easier and more secure than passwords. Here’s why.
  • Passwordless Google accounts are here—you can now switch to passkey-only
  • Apple has finally embraced key-based 2FA. So should you

Rassegna è il portale di aggiornamento della LBIT s.r.l.s.Sviluppato da MyWiki WordPress Theme