Another password manager is moving beyond passwords
Passwords have been keeping us safe online for years but, according to tech industry big wigs, they are not safe enough. For a while now a group calling themselves the FIDO Alliance, made up of some of the biggest names in tech from Google and Amazon to Intel, has been telling us just how insecure our passwords are and how something needs to be done about it. Passwordless authentication is the future then, and you know we have reached a tipping point when you get password manager apps actively moving away from passwords, with NordPass now the latest in a series of password managers to do so.
New upgrades from NordPass will enable passwordless authentication to work through the service. The FIDO Alliance’s main innovation in this regard has been passkeys, and this is what the NordPass update is enabling.
Passkeys are encrypted keys that are stored on other devices that allow you to access your accounts without having to come up with, store, or remember a password. They normally work by using the biometric security devices such as facial recognition or fingerprint sensors that many smartphones have these days. Following this update, NordPass users will, therefore, be able to store their passkeys in their vault and then access them using their biometric information.
Passkeys have already seen quite a bit of adoption with big-name companies implementing them across their sites, products, and services. Google has already added passkey functionality to Google Chrome and Android devices and Microsoft has also added it to Windows 11 while other popular websites that have them include the likes of eBay and PayPal. All Apple devices have passkey functionality too.
With password managers now actively helping move us away from using passwords it seems like it is only a matter of time before they will be gone altogether, and all major apps and services ask you to use them over passwords. Personally, I don’t think this is too bad a thing as having used passkeys I can say that they are much more convenient than having to input passwords all the time. However, judging on convenience alone puts the experience on a par with using a good password manager anyway.
If your password is leaked, you just set a new one.
If you biometric data is leaked, you are fucked.
What is wrong with 2 factor authentication?
This new contributor is promoting the AI digital prison with all his articles, he is more cunning than the dumb windows 11 promoter and therefore more dangerous. The readership cannot see that gHacks is not an independent tech site anymore but an agenda pushing social engineering tool and the founder and former owner of this site is on board as well.
It is well known in the physical security industry that biometrics, something you are and can’t be easily changed, should never be used as a primary or only authentication method. Instead they should be optional or only used as a secondary authentication in combination with a primary password/PIN, something you know (and can be easily changed). So this push by big tech (and governments) that passwords are bad is not really about security, but about trying to control you and what you have access to. Same reason they are pushing for a world wide digital currency.
No thanks. These significant corporations seek this to exercise total control. I’ll use the same password method I always use.
Big Tech intentions are all and only with Customer interests in mind..
some points:
– with passkeys a (biometric) device is mandatory (afaik) eg iris scanner or fingerprint sensor from your smartphone. = added artificial dependency. if you lose that device -> problems!
– your account/login is tied to the passkey. = no more sharing an account.
e.g you cant tell a 3. person to access something for you, while youre offline or disabled
e.g no more netflix sharing,
– if someone wants to get your credentials by force (eg criminals or auhorities) they just need to grab your device and hold it in front of your face or take your thumb.
my tip: instead of getting dumbed down even more by convenience, try to train your own app – brain v1. Bonus: it gets better the more you use it. memorizing good passwords is not rocketscience.
Biometric security sounds great and may be the ultimate uncrackable security. However, what is done with the biometrics signatures? Your smartphone, computer, whatever, stores them but could/can also send them on.
After all, why is Big Tech, which is in bed with governments, so keen to implement biometric recognition?
Biometrics security measures in their current state are easily fooled. You can find more than enough examples on the internet for that.
Conceptually, biometric security does sound great. The problem lies in execution. And if you encounter people with a “great desire” to have what you have, be happy that you used only your pinky for fingerprint checks as you won’t be affected too much when you involuntary lose that finger.
Also, once biometrics are compromised, it is easy enough to reconfigure the biometrics to another person and have fun getting your ID theft sorted out then. You’ll be a ball to play with for any organization, criminal and government.
Proponents of biometric security only think of the “happy flow” of events. People in the computer field are aware that there is also the “unhappy flow”. Determined people happily sacrifice your means of biometric security for their gains. That is about as “unhappy” a flow can get.
Nah, I’ll keep my passwords for a while longer.
@Gerold manders: thanks for that detailed reply. In view of the uncertainty and *in*security I came to the same conclusion as you: I’ll keep my passwords locked up in my passphrased paasword manager a while longer.
NordPass is not open source. If Big Tech were so concerned about security, why not come up with an open source system?
Biggest issue I have with this new method is what happens if I lose access to my device? It’s not beyond the realms of possibility. Passwords are more than secure enough, for now.