UK pioneering global move away from passwords
https://www.ncsc.gov.uk/news/government-adopt-passkey-technology-digital-services
Posted by Akkeri
1 comment
> Passkeys are unique digital keys that are today tied to specific devices, such as a phone or a laptop, that help users log in safely without needing an additional text message or other code. When a user logs in to a website or app, their device uses this digital key to prove the user’s identity without needing to send a code to a secondary device or to receive user input.
> This method is more secure because the key remains stored on the device and cannot be easily intercepted or stolen, making them phishing-resistant by design. As a result, even if someone attempts to steal a password or intercept a code, they would be unable to gain access without the physical device that contains the passkey.
So it’s like keeping your password (the contents of which you do not know) in a text file on your desktop (and nowhere else) and having your browser automatically read your password from it.
Cool. So… what happens if you lose or break your device, or it gets stolen? How do you recover your access? Is the process of recovering your access just as secure? Because if it isn’t then that’s how people’s accounts would be broken into instead.
Does the person that uses your device in your stead gain your level of access to all things, including bank accounts and such? Without your consent for it, or heck, even the knowledge of the event taking place?
How do they expect tech illiterate people that find even SMS 2FA daunting to be able to deal with this in case literally any problems occur? Ask their zoomer children for help, or tech support of giant soulless corporations or it takes a month to get through AI “assistance” to talk to a real person?
More questions than answers.
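The login flow described in the quoted NCSC text, as an added example that is not part of the original post or of NCSC's material: a simplified model in which the device signs a fresh server challenge together with the site origin, so nothing reusable is ever sent. The function names, the `bank.example` domain and the choice of Ed25519 are assumptions for illustration; this is not the WebAuthn wire format.

```javascript
const nodeCrypto = require('node:crypto');

// Device, at registration: the key pair is generated on the device.
// Only publicKey is sent to the site; privateKey never leaves the device.
function createPasskey(rpId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { rpId, publicKey, privateKey };
}

// Server, per login attempt: a fresh random challenge.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Device, at login: the browser (not the page) supplies the origin it is
// actually connected to, and the passkey is only offered for its own site.
function signLogin(passkey, challenge, origin) {
  if (new URL(origin).hostname !== passkey.rpId) return null;
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign(null, Buffer.from(clientData), passkey.privateKey);
  return { clientData, signature };
}

// Server, at login: check challenge freshness, origin, then the signature.
function verifyLogin(publicKey, expectedChallenge, expectedOrigin, assertion) {
  if (!assertion) return false;
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return false; // replayed response
  if (origin !== expectedOrigin) return false;       // signed for another site
  return nodeCrypto.verify(null, Buffer.from(assertion.clientData),
                           publicKey, assertion.signature);
}

// Constructed walk-through: genuine login, lookalike site, replayed response.
function demo() {
  const site = 'https://bank.example';
  const passkey = createPasskey('bank.example');
  const challenge = newChallenge();
  const assertion = signLogin(passkey, challenge, site);
  return {
    genuine: verifyLogin(passkey.publicKey, challenge, site, assertion),
    lookalike: signLogin(passkey, challenge, 'https://bank-example.login.test'),
    replay: verifyLogin(passkey.publicKey, newChallenge(), site, assertion),
  };
}
```

The server stores only the public key, so unlike a password database there is no secret on the server side that would let someone log in as the user.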