Artwork for podcast Byte Sized Security
Ep14: The Future of Authentication: Passkeys Explained
Episode 131st October 2023 • Byte Sized Security • Marc David
00:00:00 00:05:30

Share Episode

Shownotes

Episode Overview:

In this episode, I had the pleasure of sitting down with Dr. Lillian Hartfield to discuss the transformative approach to authentication: Passkeys. We delved deep into what passkeys are, how they differ from traditional passwords, and the reasons behind their rising popularity.

Key Discussion Points:

  1. Introduction to Passkeys
  2. Dr. Hartfield provided a comprehensive overview of passkeys and their advantages over traditional passwords.
  3. The Problem with Current Password Systems
  4. We discussed the challenges users face with complex passwords and the security risks associated with password reuse.
  5. Enhanced Security with Passkeys
  6. Dr. Hartfield shed light on how passkeys leverage public-key cryptography to offer a more secure authentication method.
  7. The Process of Creating and Using Passkeys
  8. We walked through the user-friendly process of setting up and using passkeys for online authentication.
  9. Device and Platform Support for Passkeys
  10. Dr. Hartfield highlighted the widespread adoption of passkeys across various devices and platforms.
  11. Password Managers and Passkeys
  12. We touched upon the integration of passkeys in password managers, with a special mention of 1Password.
  13. The Future of Passkeys
  14. Dr. Hartfield shared her insights on the potential of passkeys to replace traditional passwords in the near future.

Episode Highlights:

  • "Passkeys offer a more secure and user-friendly alternative to passwords." - Dr. Lillian Hartfield
  • "Password managers like 1Password are evolving to support passkeys, ensuring users have a centralized, secure location for authentication." - Dr. Lillian Hartfield

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

Sites Mentioned in this Episode

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

Transcripts

Marc:

Hello listeners, and welcome back to Byte Sized Security.

2

:

Today, we're diving into a topic

that's reshaping the landscape

3

:

of online security: Passkeys.

4

:

With us is Dr.

5

:

Lillian Hartfield, Chief of Cybersecurity

Innovations at SecureTech Solutions.

6

:

Dr.

7

:

Hartfield, welcome to the show.

8

:

Nancy: Thank you Marc.

9

:

It's a pleasure to be here and

discuss this transformative

10

:

approach to authentication.

11

:

Marc: Let's start at the beginning.

12

:

What exactly are passkeys, and how do

they differ from traditional passwords?

13

:

Nancy: Great question Marc.

14

:

Passkeys are a new type of login

credential that allows users

15

:

to access sites and services

without entering a password.

16

:

They're built on the WebAuthentication or

WebAuthn standard, which uses public-key

17

:

cryptography to enhance account security.

18

:

The beauty of passkeys is that

there's nothing to remember, and

19

:

they're stored in an encrypted

format on your devices, making them

20

:

more secure against data breaches.

21

:

Marc: That sounds promising.

22

:

But why are we moving towards passkeys?

23

:

What's the problem with our

current password system?

24

:

Nancy: The first digital password

was invented back in:

25

:

since then, passwords have become an

integral part of our digital lives.

26

:

However, as they've become more

complex, people struggle to remember

27

:

them, leading to password reuse

and the use of simple passwords.

28

:

This poses significant security risks.

29

:

Passkeys aim to address these

challenges by offering a more secure

30

:

and user-friendly alternative.

31

:

Marc: So, how do passkeys enhance security

compared to traditional passwords?

32

:

Nancy: Passkeys leverage

public-key cryptography.

33

:

When you use a passkey, you have

both a private and a public key.

34

:

The public key is stored on a

company's servers, while the private

35

:

key remains on your device, making it

challenging for cybercriminals to steal.

36

:

Unlike passwords, which can be

phished, passkeys can't be easily

37

:

compromised in phishing attacks.

38

:

Marc: That's reassuring.

39

:

Can you walk us through the process

of creating and using passkeys?

40

:

Nancy: Certainly.

41

:

When you visit a website that

supports passkeys, you can

42

:

create an account secured by a

passkey instead of a password.

43

:

During the setup, the site will ask

you to confirm your authenticator,

44

:

which could be your smartphone or a

password manager that supports passkeys.

45

:

The authenticator generates

related public and private keys.

46

:

When logging in, the site's server

sends a challenge to the authenticator,

47

:

which your private key solves, allowing

for a secure and swift login process.

48

:

Marc: What devices currently

support passkeys, and how

49

:

widespread is their adoption?

50

:

Nancy: Passkeys are compatible

with many modern devices.

51

:

Tech giants like Microsoft,

Google, and Apple have worked

52

:

collaboratively to develop them.

53

:

Apple's iOS 16 introduced

passkeys, utilizing Touch ID

54

:

and Face ID for authentication.

55

:

Android devices store passkeys

using the Google Password Manager.

56

:

As for web browsers, Chrome,

Edge, Safari, and Firefox all

57

:

currently support passkeys.

58

:

Major brands like eBay, PayPal,

Best Buy, and Nvidia have

59

:

also embraced this technology.

60

:

Marc: That's quite a range of support.

61

:

But what about password managers?

62

:

Do any of them support passkeys?

63

:

Nancy: Absolutely Marc.

64

:

Password managers are evolving

alongside this shift towards passkeys.

65

:

One notable example is 1Password,

which allows users to store

66

:

passkeys within the manager itself.

67

:

This offers an alternative to

storing passkeys in a device's

68

:

keychain or other storage.

69

:

By integrating passkeys, password

managers are further enhancing their

70

:

value proposition, ensuring users

have a centralized, secure location

71

:

for all their authentication needs.

72

:

Marc: What happens if someone

upgrades their smartphone?

73

:

How are passkeys transferred?

74

:

Nancy: When you upgrade, passkeys can be

seamlessly transferred to the new device.

75

:

On Android, encryption keys

are securely transferred during

76

:

the setup of a new phone.

77

:

For Apple users, passkeys are stored in

the iCloud Keychain, ensuring a smooth

78

:

transition when switching devices.

79

:

Marc: Lastly, do you foresee

passkeys replacing passwords

80

:

entirely in the future?

81

:

Nancy: While passwords have been around

for a long time, the push for passkeys

82

:

from industry leaders suggests a

shift towards this more secure method.

83

:

It might take time, but with the

advantages passkeys offer, we could

84

:

see a significant reduction in password

reliance over the next few years.

85

:

Marc: Dr.

86

:

Hartfield, thank you for shedding

light on this fascinating topic.

87

:

It's been a pleasure

having you on the show.

88

:

Nancy: Thank you Marc.

89

:

It's essential for everyone to stay

informed about the evolving landscape

90

:

of cybersecurity, and I'm glad to

have been a part of this discussion.

91

:

Marc: And to our listeners, thank you

for joining us on Byte Sized Security.

92

:

Stay safe, stay informed, and we'll

catch you in the next episode.

93

:

Please share this podcast if you find it

valuable by telling people to visit byte

94

:

sized security dot show and subscribe.

95

:

And give a review on whatever

platform you listen to this podcast.

96

:

It would be most appreciated.

Links

Chapters

Video

More from YouTube