Even the password manager 1Password goes to the “passkey”. The company has just confirmed that it will allow users of its service to abandon password authentication in favor of the digital password key. A tool that should make it possible to prove more securely that you are indeed the legitimate user.
To identify himself with this type of key, stored on your device, whether it is your smartphone or your laptop, the user must be in possession of his terminal. In concrete terms, a passkey is the combination of two encrypted keys, one public, shared with third-party services, the other private, stored on the terminal, thus allowing you to show your credentials. This should make fraudulent access to an account by a cybercriminal much more difficult.
We’re all in on passkeys, and we’re starting with 1Password.
This summer, you’ll have the option to create and unlock your 1Password account using only a passkey – no password required. ?
Dive into what this means for you and our passwordless future.https://t.co/r2cdAuYXZ2 pic.twitter.com/THvxfsI3LB
— 1Password (@1Password) February 9, 2023
Feature expected later this year
For 1Password, it is therefore better to abandon the password in view of the intrinsic flaws of this security model. For example, he is accused of being too vulnerable to phishing attacks. Password theft is often the starting point for major cybersecurity incidents. “Instead of playing a cat-and-mouse game with passwords, why not eliminate” the threat of theft altogether, Steve Won, chief product officer at 1Password, recalled in a blog post. .
So, starting this year, 1Password users will be able to use a security key to unlock their password manager instead of using a password. The availability of the new service is expected for the summer. The feature is first expected to be introduced early this year starting with the service being offered as a browser extension.
Unique keys
“Unlike user-created passwords, passkeys are unique. They are generated and stored on your devices, and are never shared with our cloud service,” explains Steve Won. Passkeys are generally linked to biometrics, such as facial recognition or a fingerprint, to a pin code or even to a diagram drawn on a screen.
Passkeys should therefore allow an additional layer of security to be added to the service provided by the company. Because if the use of a password manager is strongly recommended to improve your online security, the latter are also protected by a password that can be compromised.
The company is following in the footsteps of the tech giants. Apple announced last summer the implementation of passkeys to facilitate the identification of their accounts for its iPhone or iPad users, just like Microsoft and Google who have their own projects in their boxes. A movement that could also ultimately reduce the interest of using a password manager.
Source: ZDNet.com