Passkeys - What are they?

Trevor Chandler

Jul 4, 2020
Passkeys? Is this covered in any Cybersecurity-focused CompTIA course?
If so, which one(s)?


A passkey is a sort of digital identification, that's interlocked to any individual's account, on a given
app or website. That may sound a little like a password, but not quite - there's an important distinction.
Passkeys are bilateral authentication, that have two separate components: a private key, and a public key.
The private key is stored locally on the user's device (computer, phone, etc.). When logging in with a
passkey, the public and private key pair give a user access to his/her account.

Here's where it gets good: Passkeys are more secure than traditional passwords!!!

Passkeys are more secure because they are never stored on any server, and instead reside as an encrypted
key on the user's personal device. And, like passwords, they can be paired to biometrics, like facial recognition
or fingerprint authentication, to initiate the login process. Even if a hacker were able to get an individual's
device, they’d need the biometrics associated with that individual, to access any accounts, which is significantly
harder than brute forcing a poor-quality traditional password - you know, like "Password1234".

A passkey is a locally stored, system-generated cryptographic key.

Passkeys are completely unique. Almost sounds like a hash!

Passkeys are infinitely more difficult for nefarious actors to exploit.

This is a biggie: Passkeys are phishing-resistant!!!!!!!
Again, what's the #1 attack vector? Ah, you remembered: PHISHING!!!!

Don't I have anything to say about passwords? Yes - passwords are susceptible to breaches and hacks :-(



The END!
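A simplified model of the passkey login described in the post above, added here as an example (it is not part of the original post and not a real WebAuthn library): the device signs the server's challenge together with the origin it is on, and the server, holding only the public key, rejects a response made for a different origin, a replayed response, or an edited one. The function names, the `example.test` origins and the reduced authenticator data (rpId hash only) are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Device side: the key pair is generated on the device; only the public key is sent to the site.
const createPasskey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device side: sign the server's challenge together with the origin the browser is actually on.
function signLogin(privateKey, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = sha256(new URL(origin).hostname); // rpId hash only; flags and counter omitted
  const signature = nodeCrypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), privateKey);
  return { clientData, authData, signature };
}

// Server side: holds only the public key. Returns 'ok' or the reason for rejection.
function verifyLogin(publicKey, expected, response) {
  const client = JSON.parse(response.clientData.toString());
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (!response.authData.equals(sha256(new URL(expected.origin).hostname))) return 'rpId mismatch';
  const signed = Buffer.concat([response.authData, sha256(response.clientData)]);
  return nodeCrypto.verify('sha256', signed, publicKey, response.signature) ? 'ok' : 'bad signature';
}

// Constructed demo values: `site` is the genuine origin, `fake` a look-alike origin.
function demo() {
  const { publicKey, privateKey } = createPasskey();
  const site = 'https://login.example.test';
  const fake = 'https://login.example-test.invalid';
  const challenge = nodeCrypto.randomBytes(32);
  const expected = { challenge, origin: site };
  const genuine = verifyLogin(publicKey, expected, signLogin(privateKey, challenge, site));
  // Response produced on the look-alike origin: the signed origin gives it away.
  const phished = verifyLogin(publicKey, expected, signLogin(privateKey, challenge, fake));
  // Old response presented against a fresh challenge.
  const replayed = verifyLogin(publicKey, { challenge: nodeCrypto.randomBytes(32), origin: site },
    signLogin(privateKey, challenge, site));
  // Origin fields rewritten after signing: the signature no longer covers the data.
  const forged = signLogin(privateKey, challenge, fake);
  forged.clientData = Buffer.from(forged.clientData.toString().replace('example-test.invalid', 'example.test'));
  forged.authData = sha256('login.example.test');
  return { genuine, phished, replayed, tampered: verifyLogin(publicKey, expected, forged) };
}
console.log(demo());
```

Unlike a password, nothing the user could be tricked into typing exists here: the only secret is the private key, and it never leaves `signLogin`.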