Tag • #passkeys

chevron_right

Google announces new algorithm that makes FIDO encryption safe from quantum computers

news.movim.eu / ArsTechnica · Friday, 18 August, 2023 - 20:01

Google announces new algorithm that makes FIDO encryption safe from quantum computers

Enlarge (credit: Getty Images)

The FIDO2 industry standard adopted five years ago provides the most secure known way to log in to websites because it doesn’t rely on passwords and has the most secure form of built-in two-factor authentication. Like many existing security schemes today, though, FIDO faces an ominous if distant threat from quantum computing, which one day will cause the currently rock-solid cryptography the standard uses to completely crumble.

Over the past decade, mathematicians and engineers have scrambled to head off this cryptopocalypse with the advent of PQC—short for post-quantum cryptography—a class of encryption that uses algorithms resistant to quantum-computing attacks. This week, researchers from Google announced the release of the first implementation of quantum-resistant encryption for use in the type of security keys that are the basic building blocks of FIDO2.

The best known implementation of FIDO2 is the passwordless form of authentication: passkeys. So far, there are no known ways passkeys can be defeated in credential phishing attacks. Dozens of sites and services now allow users to log in using passkeys, which use cryptographic keys stored in security keys, smartphones, and other devices.

Read 7 remaining paragraphs | Comments

chevron_right

TikTok fait sa mue : il n’y a plus vraiment besoin de mot de passe pour se connecter

news.movim.eu / Numerama · Wednesday, 19 July, 2023 - 07:44

Le mot de passe n'est plus tout à fait nécessaire pour se connecter à son compte TikTok : les passkeys arrivent, sur iOS pour commencer. L'application rejoint ainsi un mouvement croissant qui entend en finir avec les mots de passe, qui posent trop de problèmes. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

chevron_right

L’après-mot de passe pour 1Password, c’est maintenant

news.movim.eu / Numerama · Wednesday, 7 June, 2023 - 12:20

mot de passe passkey

Comme d'autres gestionnaires de mots de pass, 1Password se prépare au monde d'après. Le logiciel commence à s'ouvrir aux passkeys. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

chevron_right

Passkeys may not be for you, but they are safe and easy—here’s why

news.movim.eu / ArsTechnica · Friday, 12 May, 2023 - 20:43

Passkeys may not be for you, but they are safe and easy—here’s why

Enlarge (credit: Aurich Lawson | Getty Images)

My recent feature on passkeys attracted significant interest, and a number of the 1,100+ comments raised questions about how the passkey system actually works and if it can be trusted. In response, I've put together this list of frequently asked questions to dispel a few myths and shed some light on what we know—and don't know—about passkeys.

Q: I don’t trust Google. Why should I use passkeys?

A: If you don’t use Google, then Google passkeys aren’t for you. If you don’t use Apple or Microsoft products, the situation is similar. The original article was aimed at the hundreds of millions of people who do use these major platforms (even if grudgingly).

Read 32 remaining paragraphs | Comments

chevron_right

Passwordless Google accounts are easier and more secure than passwords. Here’s why.

news.movim.eu / ArsTechnica · Monday, 8 May, 2023 - 13:50 · 1 minute

Passwordless Google accounts are easier and more secure than passwords. Here’s why.

Enlarge (credit: Aurich Lawson | Getty Images)

By now, you’ve likely heard that passwordless Google accounts have finally arrived . The replacement for passwords is known as "passkeys."

There are many misconceptions about passkeys, both in terms of their usability and the security and privacy benefits they offer compared with current authentication methods. That’s not surprising, given that passwords have been in use for the past 60 years, and passkeys are so new. The long and short of it is that with a few minutes of training, passkeys are easier to use than passwords, and in a matter of months—once a dozen or so industry partners finish rolling out the remaining pieces—using passkeys will be easier still. Passkeys are also vastly more secure and privacy-preserving than passwords, for reasons I'll explain later.

This article provides a primer to get people started with Google's implementation of passkeys and explains the technical underpinnings that make them a much easier and more effective way to protect against account takeovers. A handful of smaller sites—specifically, PayPal, Instacart, Best Buy, Kayak, Robinhood, Shop Pay, and Cardpointers—have rolled out various options for logging in with passkeys, but those choices are more proofs of concept than working solutions. Google is the first major online service to make passkeys available, and its offering is refined and comprehensive enough that I’m recommending people turn them on today.

Read 24 remaining paragraphs | Comments

chevron_right

Proton va aussi sécuriser vos mots de passe avec son propre gestionnaire

news.movim.eu / Numerama · Thursday, 20 April, 2023 - 10:01

Proton Pass

Proton annonce le lancement d'un gestionnaire de mots de passe, appelé Proton Pass. Disponible en bêta pour le web et les applications mobiles iOS et Android. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

chevron_right

The time has come: GitHub expands 2FA requirement rollout March 13

news.movim.eu / ArsTechnica · Friday, 10 March, 2023 - 22:36

Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub )

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13 . That mandate will extend to all user accounts by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA—far lower than you'd expect from technologists who ought to know the value of it.

Read 7 remaining paragraphs | Comments

chevron_right

Dashlane s&#8217;engouffre dans Android 14 pour gérer les passkeys

news.movim.eu / Numerama · Friday, 3 March, 2023 - 15:43

Dashlane app

Comme d'autres gestionnaires de mots de passe, Dashlane suit de très près l'arrivée des passkeys. L'éditeur veut proposer une solution pour gérer ces codes plus sûrs que les mots de passe, et Android 14 va lui en offrir la possibilité. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

chevron_right

7 questions sur les passkeys, qui cherchent à tuer tous vos mots de passe

news.movim.eu / Numerama · Friday, 3 March, 2023 - 06:40

passkey

La sécurité informatique est à l'aube d'une révolution avec l'arrivée des passkeys. Ces clés d'accès ambitionnent de remplacer les mots de passe. Sur bien des critères, ils leur sont supérieurs. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/