Episode 13

Published on: 1st Oct 2023

Ep14: The Future of Authentication: Passkeys Explained

Episode Overview:

In this episode, I had the pleasure of sitting down with Dr. Lillian Hartfield to discuss the transformative approach to authentication: Passkeys. We delved deep into what passkeys are, how they differ from traditional passwords, and the reasons behind their rising popularity.

Key Discussion Points:

  1. Introduction to Passkeys: Dr. Hartfield provided a comprehensive overview of passkeys and their advantages over traditional passwords.
  2. The Problem with Current Password Systems: We discussed the challenges users face with complex passwords and the security risks associated with password reuse.
  3. Enhanced Security with Passkeys: Dr. Hartfield shed light on how passkeys leverage public-key cryptography to offer a more secure authentication method.
  4. The Process of Creating and Using Passkeys: We walked through the user-friendly process of setting up and using passkeys for online authentication.
  5. Device and Platform Support for Passkeys: Dr. Hartfield highlighted the widespread adoption of passkeys across various devices and platforms.
  6. Password Managers and Passkeys: We touched upon the integration of passkeys in password managers, with a special mention of 1Password.
  7. The Future of Passkeys: Dr. Hartfield shared her insights on the potential of passkeys to replace traditional passwords in the near future.

Episode Highlights:

  • "Passkeys offer a more secure and user-friendly alternative to passwords." - Dr. Lillian Hartfield
  • "Password managers like 1Password are evolving to support passkeys, ensuring users have a centralized, secure location for authentication." - Dr. Lillian Hartfield

---

I do hope you enjoyed this episode of the podcast. Here are some helpful resources, including any sites that were mentioned in this episode.

--

Sites Mentioned in this Episode

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

Transcript
Marc: Hello listeners, and welcome back to Byte Sized Security. Today, we're diving into a topic that's reshaping the landscape of online security: Passkeys. With us is Dr. Lillian Hartfield, Chief of Cybersecurity Innovations at SecureTech Solutions. Dr. Hartfield, welcome to the show.

Nancy: Thank you Marc. It's a pleasure to be here and discuss this transformative approach to authentication.

Marc: Let's start at the beginning. What exactly are passkeys, and how do they differ from traditional passwords?

Nancy: Great question Marc. Passkeys are a new type of login credential that allows users to access sites and services without entering a password. They're built on the Web Authentication or WebAuthn standard, which uses public-key cryptography to enhance account security. The beauty of passkeys is that there's nothing to remember, and they're stored in an encrypted format on your devices, making them more secure against data breaches.

Marc: That sounds promising. But why are we moving towards passkeys? What's the problem with our current password system?

Nancy: The first digital password was invented back in: since then, passwords have become an integral part of our digital lives. However, as they've become more complex, people struggle to remember them, leading to password reuse and the use of simple passwords. This poses significant security risks. Passkeys aim to address these challenges by offering a more secure and user-friendly alternative.

Marc: So, how do passkeys enhance security compared to traditional passwords?

Nancy: Passkeys leverage public-key cryptography. When you use a passkey, you have both a private and a public key. The public key is stored on a company's servers, while the private key remains on your device, making it challenging for cybercriminals to steal. Unlike passwords, which can be phished, passkeys can't be easily compromised in phishing attacks.

Marc: That's reassuring. Can you walk us through the process of creating and using passkeys?

Nancy: Certainly. When you visit a website that supports passkeys, you can create an account secured by a passkey instead of a password. During the setup, the site will ask you to confirm your authenticator, which could be your smartphone or a password manager that supports passkeys. The authenticator generates related public and private keys. When logging in, the site's server sends a challenge to the authenticator, which your private key solves, allowing for a secure and swift login process.

Marc: What devices currently support passkeys, and how widespread is their adoption?

Nancy: Passkeys are compatible with many modern devices. Tech giants like Microsoft, Google, and Apple have worked collaboratively to develop them. Apple's iOS 16 introduced passkeys, utilizing Touch ID and Face ID for authentication. Android devices store passkeys using the Google Password Manager. As for web browsers, Chrome, Edge, Safari, and Firefox all currently support passkeys. Major brands like eBay, PayPal, Best Buy, and Nvidia have also embraced this technology.

Marc: That's quite a range of support. But what about password managers? Do any of them support passkeys?

Nancy: Absolutely Marc. Password managers are evolving alongside this shift towards passkeys. One notable example is 1Password, which allows users to store passkeys within the manager itself. This offers an alternative to storing passkeys in a device's keychain or other storage. By integrating passkeys, password managers are further enhancing their value proposition, ensuring users have a centralized, secure location for all their authentication needs.

Marc: What happens if someone upgrades their smartphone? How are passkeys transferred?

Nancy: When you upgrade, passkeys can be seamlessly transferred to the new device. On Android, encryption keys are securely transferred during the setup of a new phone. For Apple users, passkeys are stored in the iCloud Keychain, ensuring a smooth transition when switching devices.

Marc: Lastly, do you foresee passkeys replacing passwords entirely in the future?

Nancy: While passwords have been around for a long time, the push for passkeys from industry leaders suggests a shift towards this more secure method. It might take time, but with the advantages passkeys offer, we could see a significant reduction in password reliance over the next few years.

Marc: Dr. Hartfield, thank you for shedding light on this fascinating topic. It's been a pleasure having you on the show.

Nancy: Thank you Marc. It's essential for everyone to stay informed about the evolving landscape of cybersecurity, and I'm glad to have been a part of this discussion.

Marc: And to our listeners, thank you for joining us on Byte Sized Security. Stay safe, stay informed, and we'll catch you in the next episode. Please share this podcast if you find it valuable by telling people to visit byte sized security dot show and subscribe. And give a review on whatever platform you listen to this podcast. It would be most appreciated.


About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.

About your host

Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.