Note4Students
From UPSC perspective, the following things are important :
Prelims level: Passkeys, Password
Mains level: Not Much
Central Idea
- In 1961, MIT computer science professor Fernando Corbato introduced the world to digital passwords, an innovation designed for research purposes. Little did he know the profound societal impact his creation would eventually wield.
Why discuss this?
- Passwords have become nearly synonymous with cybersecurity in the 21st century, albeit with an unsavory connotation.
- Despite efforts to promote robust password practices, “password” and “123456” continue to dominate the list of common passwords, underscoring the pervasive vulnerability of most accounts.
Passkeys: Need for Change
- Ineffectiveness of Passwords: The prevailing authentication method, based on passwords, falls short in ensuring adequate security.
- Big Tech Solution: In response to this predicament, major tech companies propose a solution – passkeys.
Understanding Passkeys
- Web Authentication Standard: Passkeys are a security feature built on the WebAuthentication (WebAuthn) standard.
- Public-Key Cryptography: Passkeys employ public-key cryptography, a potent technique employing a public key (server-side) and a private key (user-side).
- Authentication Process: When users log in, a challenge is sent to their device, which utilizes the private key to solve it and respond. The server then validates the response with the public key, all without storing any secrets, enhancing security.
Getting Started with Passkeys
- Wide Compatibility: Leading tech companies, including Microsoft, Google, and Apple, have collaborated to make passkeys accessible to most recent phones and PCs.
- Operating Systems: Passkeys are available on iOS 16+, iPadOS 16+, macOS Ventura, Android 9+, Windows 10, and Windows 11.
- Web Browsers: Passkeys are supported on popular browsers like Chrome, Edge, Safari, and Firefox.
Creating and Using Passkeys
- Account Requirement: Users need an account with a provider supporting passkeys, such as Microsoft, Google, or Apple.
- Activation Process: To enable passkeys, sign in to a compatible app or website, activate the passkey option, and obtain a unique passkey linked to your account and device.
- Usage: Passkeys can be used with biometrics (e.g., Touch ID, Face ID), QR codes, or device verification.
Future of Passwords
- Inevitable Evolution: While passkeys offer notable advantages over traditional passwords in terms of security and user-friendliness, they still face challenges related to compatibility and user adoption.
- Industry Push: Notably, Google, Apple, and Microsoft are driving the passkey agenda strongly, suggesting that passwords may eventually become obsolete.
Conclusion
- A Security Evolution: The emergence of passkeys as an alternative to traditional passwords marks a significant shift in the realm of cybersecurity.
- Ongoing Transition: As passkeys gain momentum and garner support from tech giants, they may gradually pave the way for a password-free future, promising enhanced security and user convenience in the digital realm.
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024