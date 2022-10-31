While Big Tech’s idea of ​​ending passwords was a hot topic, it was still far from a reality. Other alternatives were developed such as: pushes, OAUTH single-sign ons and trusted platform modules. However, they were the ones that presented security problems that arose during use. On the other hand, a new alternative called keys of access and it is about them that we will talk in the text. Check out!

Read more: Encryption

Understand how access keys work

Access keys are a way of storing access authorizations in hardware, a concept that is not new. The big developer companies (Microsoft, Apple, Google and a consortium of other companies) have come together in a new standard called singlepasskey shepherded by the FIDO Alliance. By using access keys, in addition to facilitating access, it ensures more security in the face of account acquisition attacks. This alternative is already in use in some companies. This week PayPal announced that in the US users can use it.

The keys are invisible and integrate with Face ID, Windows Hello and other biometric readers. However, the systems are still being updated so that the keys can be used both on iOS or mac system, as well as on Windows.

Advantages of keys

This is a secure system, as you only physically open the device or subject it to a jailbreak attack in order to obtain some encrypted information. And you still need to present fingerprint, face scan or token PIN. Another security plus point is that the authentication flow between FIDO devices relies on Bluetooth Low Energy, and it checks the proximity of the authentication device to the one trying to log in.

So far there have been few attacks against the system. Access keys are not password dependent, they store multiple authentication factors managed by the device’s operating system. In addition to having the possibility to capture encryption from other devices using a cloud service.

Microsoft announced that it plans to provide sync support in 2023. These are the platforms that support passkey login from a nearby device: