In a significant move towards enhancing online security, Proton, renowned for its secure email system, has introduced support for passkeys in its password manager, while expressing criticism towards Big Tech companies for confining users’ passkeys within restrictive ecosystems. Son Nguyen, founder of SimpleLogin and a developer of Proton Pass, emphasized in a blog post that the deployment of passkeys has fallen short of its ambitious goal to offer “faster, easier, and more secure sign-ins” due to the approach adopted by leading tech giants like Apple and Google.
Roger Grimes, a defense evangelist at KnowBe4, concurred with Nguyen’s viewpoint, noting that the current implementation of the FIDO passkey standard by major vendors such as Microsoft, Google, and Apple fosters ecosystem lock-ins. However, Grimes highlighted that FIDO is actively working to revise the passkey standard to eliminate this limitation, acknowledging efforts by companies like 1Password to enable cross-platform usage of passkeys.
Contrary to Proton’s criticism, FIDO Alliance’s Executive Director and CEO Andrew Shikiar defended the initiative, asserting that passkeys were always intended to support an open ecosystem. Shikiar pointed out the active collaboration within the FIDO Alliance among various credential managers, including 1Password and Dashlane, to facilitate credential portability across different clouds.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23905457/DSCF8502.jpg)
James E. Lee from the Identity Theft Resource Center echoed the sentiment that passkeys are designed for implementation across various platforms and operating systems, suggesting that any approach contrary to this would further hinder the adoption of this secure sign-in method.
Despite the broad consensus on the security benefits of passkeys, Nguyen criticized the hasty rollout by several password managers after Big Tech’s introduction of the technology, leading to subpar user experiences. He noted that until Proton Pass adopted passkey support, most free options were limited to Google Password Manager and Apple Keychain.
Anna Pobletts, head of passwordless at 1Password, stressed the importance of interoperability in the transition from passwords to a passwordless future, ensuring users have flexible options for managing their online identities across various platforms and devices.
Darren Guccione, CEO of Keeper Security, highlighted the vulnerabilities associated with traditional password-based systems, such as susceptibility to brute-force attacks and phishing. He explained how passkeys, leveraging public-key cryptography, offer a more secure authentication method that is resistant to phishing attacks.
Guccione further elaborated on the challenge-response mechanism behind passkeys, which ensures the private key never leaves the user’s device, enhancing security. He also mentioned the convenience of storing passkeys in a secure password manager for cross-browser and cross-operating system usage.
The adoption of passkeys represents a step forward in the fight against common social engineering attacks by eliminating conventional rewards sought by hackers. However, Guccione cautioned that passkeys are unlikely to replace passwords completely in the near future due to limited support across websites and the challenges associated with interoperability and user configuration.
As the online community continues to grapple with security challenges, the debate around passkeys underscores the need for a collaborative approach to ensuring universal access and security for all users, beyond the commercial interests of Big Tech.
Source
