German government wants to replace passwords with passkeys
The German government wants to replace passwords as an authentication mechanism with passkeys, as they are considered much safer.
Passkeys are an authentication method based on WebAuthn, which is short for Web Authentication. This technology allows providers of social media platforms and other websites to build strong authentication into their services by using registered customer devices, such as a smartphone or laptop.
Passkeys are based on the principles of asymmetric cryptography, meaning there are two sets of keys. The public key is stored on the website providing a service, and the private key is kept on your personal device. If both keys match, your identity is verified, and you’ll gain access to your account.
In other words, passkeys aren’t based on the transmission of a fixed, static value, such as a password, but rather on a challenge-response process in which users cryptographically sign a message with a complex, randomly generated one-time value transmitted by the other party. That makes them safer than passwords.
Another major advantage of passkeys is that they are resistant to phishing and man-in-the-middle attacks, and you don’t have to remember them because passkeys are generated automatically. Unlike passwords, passkeys can’t be forgotten as they are stored on your device.
Lastly, every online account has a unique passkey. Passwords, on the other hand, can be used for numerous sites, making it a riskier choice.
“We have to make cybersecurity as simple as possible and robust at the same time. Passkeys are a perfect example of how technical solutions can be used to meet technical challenges,” Claudia Plattner, President of the Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, says in a statement, rooting for a general adoption of passkeys in Germany.
However, solely using passkeys comes with risks as well. Security researchers from cybersecurity firm Proofpoint warned that scammers can bypass this authentication method by downgrading to less secure methods for signing in.
In January, the United Kingdom’s National Cyber Security Centre (NCSC) warned that several issues are currently preventing widespread passkey adoption, including inconsistent support and experiences, device loss scenarios, migration issues, platform differences, and account recovery processes.
