Tag: Passkeys

Access keys are revolutionizing digital access

In the ongoing evolution of cybersecurity, passkeys are emerging as a convenient solution for accessing accounts without the need for traditional passwords. This system uses cryptography to authenticate the user, allowing unlocking through biometric methods such as fingerprint or facial recognition, as well as PINs. Thus, it eliminates one of the biggest inconveniences of today’s digital life: the need to remember multiple passwords. Change is coming One of the main benefits of passkeys is their resistance to phishing. Unlike passwords that can be stolen through […]

In the continuous evolution of cybersecurity, passkeys are emerging as a convenient solution for accessing accounts without the need for traditional passwords. This system uses cryptography to authenticate the user, allowing unlocking through biometric methods such as fingerprint or facial recognition, as well as PINs. Thus, it eliminates one of the biggest inconveniences of today’s digital life: the need to remember multiple passwords.

Change is Coming

One of the main benefits of passkeys is their resistance to phishing. Unlike passwords that can be stolen through fake websites, passkeys do not allow this type of attack, significantly increasing security during login. Leading tech companies like Apple, Google, and Microsoft are backing this new standard, which is presented as a collective philosophy rather than just a commercial product.

In addition to improving security, passkeys promise to enhance the user experience by eliminating additional steps, such as verification via SMS or difficult-to-remember codes. However, concerns related to device loss persist, although it has been established that the recovery of passkeys can be linked to cloud synchronization or between devices.

Despite its advantages, the widespread adoption of passkeys faces obstacles. Not all users are ready for this transition, especially on platforms that still use traditional passwords or operate with hybrid systems. This is particularly relevant in shared environments, such as family or work devices, where managing access securely remains a challenge.

From a business perspective, passkeys are attractive due to their ability to reduce account theft and issues related to forgotten passwords. As more organizations adopt this technology, we could be witnessing the twilight of passwords as we know them. Maintaining a sensible backup method will be key in this new digital security landscape.

Las claves de acceso están revolucionando el acceso digital

En la evolución continua de la ciberseguridad, los passkeys están emergiendo como una solución conveniente para el acceso a cuentas sin la necesidad de contraseñas tradicionales. Este sistema utiliza criptografía para autenticar al usuario, permitiendo el desbloqueo a través de métodos biométricos como la huella dactilar o el reconocimiento facial, así como PINs. Así, se elimina uno de los mayores inconvenientes de la vida digital actual: la necesidad de recordar múltiples contraseñas.

El cambio está llegando

Uno de los principales beneficios de los passkeys es su resistencia al phishing. A diferencia de las contraseñas que pueden ser robadas a través de sitios web falsos, los passkeys no permiten este tipo de ataque, lo que incrementa significativamente la seguridad en el inicio de sesión. Compañías tecnológicas líderes como Apple, Google y Microsoft están respaldando este nuevo estándar, que se presenta como una filosofía colectiva en lugar de un simple producto comercial.

Además de mejorar la seguridad, los passkeys prometen facilitar la experiencia de los usuarios al eliminar pasos adicionales, como la verificación mediante SMS o códigos difíciles de recordar. Sin embargo, persisten preocupaciones relacionadas con la pérdida de dispositivos, aunque se ha establecido que la recuperación de passkeys puede vincularse con la sincronización en la nube o entre dispositivos.

A pesar de sus ventajas, la adopción generalizada de passkeys enfrenta obstáculos. No todos los usuarios están listos para esta transición, especialmente en plataformas que siguen utilizando contraseñas tradicionales o que operan con sistemas híbridos. Esto es especialmente relevante en entornos compartidos, como dispositivos familiares o laborales, donde gestionar el acceso de manera segura sigue siendo un reto.

Desde una perspectiva empresarial, los passkeys son atractivos debido a su capacidad para reducir el robo de cuentas y los problemas relacionados con contraseñas olvidadas. A medida que más organizaciones adopten esta tecnología, podríamos estar ante el ocaso de las contraseñas como las conocemos. Mantener un método de respaldo sensato será clave en este nuevo panorama de seguridad digital.

A study reveals the security risks of cloud-based access keys

Recent warnings from the FIDO Alliance and Yubico have highlighted the insecurity of implementing synchronized passkeys in organizational environments. Although these credentials offer convenience for the user through synchronization via cloud services like iCloud or Google Cloud, they also significantly expand the attack surface, increasing vulnerability to man-in-the-middle attacks and phishing techniques. Passkeys: the double-edged sword Researchers have demonstrated that compromised browser environments can manipulate WebAuthn records and accesses without compromising the cryptography of the passkeys. This […]

Recent warnings from the FIDO Alliance and Yubico have highlighted the insecurity of implementing synchronized passkeys in organizational environments. Although these credentials offer convenience for the user through synchronization via cloud services like iCloud or Google Cloud, they also significantly expand the attack surface, increasing vulnerability to man-in-the-middle attacks and phishing techniques.

Passkeys: the double-edged sword

Researchers have demonstrated that compromised browser environments can manipulate WebAuthn logs and accesses without compromising the cryptography of passkeys. This is achieved through malicious extensions or by exploiting existing vulnerabilities, allowing attackers to perform actions such as code injection or hijacking authentication processes. The security of the implementation is compromised, particularly when users are induced to select weaker authentication methods, such as SMS or OTP, by a malicious proxy that intercepts communication.

In contrast, device-linked passkeys, which generally require secure hardware components for their generation and use, offer more robust control over device signals and lifecycle management. This approach not only enhances security but also allows organizations to conduct more effective audits of their authentication systems.

Therefore, both the FIDO Alliance and Yubico recommend that companies reconsider the implementation of synchronized passkeys, opting instead for solutions that are tied to devices to ensure greater protection. The convenience offered by synchronized passkeys should not compromise the integrity of access security in business environments.

Passwords, the weak point of your online security

Passwords have long been a pillar of digital security, but their effectiveness is increasingly being questioned. According to the latest Verizon report, passwords are responsible for 60% of security breaches, where the human element plays a crucial role in complicating credential management. As cyber attacks become more sophisticated, security experts warn that continuing to rely on passwords is a significant risk. A weak password leaves you exposed to all kinds of dangers on the Internet Despite this recognition, a complete transition to methods […]


Passwords have long been a cornerstone of
digital security, but their effectiveness is increasingly being
questioned. According to the latest Verizon report, passwords are
responsible for 60% of security breaches, where the human
element plays a crucial role in complicating credential management. As
cyberattacks become more sophisticated, security experts warn that continuing to rely on passwords
is a significant risk.

A weak password leaves you exposed to all kinds of dangers on the Internet

Despite this recognition, a complete transition to passwordless authentication methods is not expected in the short term. The resistance of users and the complexity of the process make this goal more of a challenge than an accessible reality. Organizations need a more pragmatic approach that allows them to manage the current risks associated with passwords while moving towards a safer future.

Tools like the 1Password Passkeys directory are
helping to identify applications that support passwordless
authentication and to manage credentials more securely. However, while more effective solutions are awaited, it is crucial that
IT and security teams educate users on best
practices, such as using password managers and single sign-on (SSO) solutions.

Additionally, it is advisable for companies to evaluate which systems
can support passwordless authentication methods and which cannot. In
cases where it is not possible to eliminate the need for passwords, strategies
should be implemented to minimize user involvement in the authentication
process, in order to reduce inherent risks. This can be achieved by adopting
password managers that encrypt and protect credentials,
ensuring that they are not directly manipulated by users.

Avast Free Antivirus DOWNLOAD