If passkeys offer much better security compared to passwords to connect to a service, certain tech players would use them to force users to stay in their hardware and software ecosystem.
Passwords are a thing of the past, now it’s time for passkeys. After several years of research and testing, the various major tech players have converted to passkeys, these biometric identifiers replacing traditional passwords. The latter now account for 80% of personal data recovery and pose real security problems. Passkeys use biometric identification, fingerprint or facial recognition to allow users to connect securely. Authentication is thus encrypted and theoretically unfalsifiable. If the passkey is slowly, but surely, starting to become part of the habits of Internet users, some smaller players do not look very favorably on the control of the web giants on this technology, like Proton.
Simpler and more secure biometric authentication to connect to its services
The publisher Proton, well known for its VPN services with Proton VPN, or its client Proton Mail, has just published a blog note to alert users of the dangers of the practices of companies like Apple or Google with passkeys.
The two behemoths indeed offer biometric authentication in their respective products. In the case of Apple, it is possible to use iCloud Keychain, the manufacturer’s password management system, to record the various biometric identifications for its own services, as well as for third-party platforms. Google offers the same type of operation, with passwords stored securely in the password manager developed by the search engine.
Proton nevertheless affirms that if the support of this technology by the largest digital players goes in the right direction, the two companies also use passkeys to lock their customers a little more into a software and hardware ecosystem.
Apple and Google would pervert passkeys to lock their users into their ecosystems
Indeed, it is very difficult today to transfer your passkeys from one platform to another, and to make them interoperable with other systems. Passkeys generated by an Apple device are synchronized, via iCloud, across all of the brand’s devices owned by the same user. To add them to an Android device, things are more complex, and require for example the use of a QR code, or the creation of a new passkey reserved for Android.
Same thing with Google services, which forces its users’ hand to encourage them to use its password manager, and avoid using competing software. Also, it is not possible to use a passkey generated in Chrome on a web browser like Firefox.
Obviously, Proton is using this blog post to tout the merits of Proton Pass, its password manager that is interoperable with all mobile and desktop operating systems, including passkey support.
However, despite its advertising, Proton puts its finger on an important subject and urges the most important publishers on the market to make the passkey an equivalent of HTTPS technology for connection to the website, adopted today by all sites web and publishers. Thus, user data, and by extension the web, would be much more secure than they are today, in a simple and perfectly transparent way for users.
7
See the offer Read the conclusion
Proton Pass
- The mobile application, pleasant to use
- Offline mode
- Windows desktop version
- Alias creation included
- Security
- Generous free version
- Browser extensions to improve
- Some hiccups during registration
- Password changes are not taken into account correctly
Source : Proton
Grand master of robot vacuum cleaners and home automation who lives in a “house of the future”. I also like talking about films and series on the internet. Eternal padawan, curious about everything related to new technologies.
Read other articles
4