🗝️🛡️ In a world where cyber attacks are becoming increasingly sophisticated, protecting sensitive information and user accounts has never been more critical. Traditional passwords are rapidly being replaced by a more advanced and secure solution: passkeys. This article explores the benefits of passkeys, their role in preventing cyber attacks, and what to do if a system does not yet support them.
What Are Passkeys?
Passkeys are digital credentials designed to replace traditional passwords. Unlike passwords, which rely on a secret string of characters stored on servers, passkeys use public key cryptography. Each passkey consists of two keys: a public key stored with the service provider and a private key stored securely on the user’s device.
Authentication with a passkey typically involves biometric verification (such as facial recognition or a fingerprint scan) or a device-specific PIN. Major technology companies like Apple, Google, and Microsoft have embraced passkey technology to reduce reliance on vulnerable password systems.
Why do we need passkeys?
Most cyber crime that affects individuals and organisations occurs through the use of legitimate credentials, i.e. guessed or stolen passwords.
Passkeys offer protection against:
🛡️ Phishing - passkeys cannot be phished.
🛡️ Credential Stuffing - using stolen passwords from one site to access other accounts.
🛡️ Brute Force Attacks - there is no password to guess as they are generated securely.
🛡️ Data Breach Security - they are unique for each website so if one website is compromised it doesn't put your other logins at risk.
🛡️ Human error - no weak or shared passwords.
Benefits of Passkeys
🗝️ Enhanced Security: Strong cryptographic foundations make passkeys far superior to traditional passwords in resisting cyber threats.
🗝️ Ease of Use: Passkeys streamline the login process, often requiring just a fingerprint or face scan, making authentication faster and more convenient.
🗝️ Universal Compatibility: Passkeys work across different platforms and devices, enabling seamless, password-free access to online accounts.
The NCSC are not yet ready to recommend passkeys as the main authentication option due to remaining problems:
❗ Inconsistent support and experiences
❗ Device loss scenarios
❗ Migration issues
❗ Account recovery processes
❗ Platform differences
❗ Suitability for all scenarios
Further information about using passkeys can be read in the NCSC blog 👉 Passkeys not perfect but getting better
Knowledge Bank Support & Guidance
We would advise reviewing our Cyber Security Best Practice Area and our DfE Digital Standards Overview if you are a school or multi academy trust.