In this edition of Rob’s Corner of the MIRACL Memo, Rob discusses Google’s introduction of Passkeys for Google Workspace accounts, a step towards a passwordless future. However, there are concerns with passkeys acting as cloud-based password managers, considering the flaws in similar services. Going passwordless alone is insufficient, as single-factor authentication leaves us vulnerable, including the use of biometrics - Check out this video from Forbes: We 3D Printed Our Heads To Bypass Facial Recognition Security, And It Worked. This presents an opportunity for adopting multi-factor authentication. MIRACL advocates for passwordless multi-factor authentication, offering a better user experience, enhanced security, reduced support costs, increased traffic, improved conversion rates, and no fraud compensation for operators. Stay tuned for more updates on authentication.
Welcome to another edition of MIRACL Memo where we bring you the latest news and views on all things authentication
This month Google made headlines with the introduction at long last of Passkeys for Google Workspace accounts.
It has long been recognised that passwords are outdated and not secure enough for the needs of a modern business, so the move from Google to cut passwords can only be a good thing. If leading tech companies embrace a passwordless future, it will make life significantly harder for the cybercriminals, and safer for businesses and individuals everywhere.
However, there are 2 big caveats here: First, Passkeys are really a cloud-based password manager, and we have seen from Lastpass and Lifelock that password managers are inherently flawed. It is notable that there is no word on how the Passkeys are secured and why a cloud-based single repository of highly valuable credentials should be considered so much more secure.
Second, going passwordless alone is absolutely not enough. Pretty much everyone has had an account of theirs hacked, many of us multiple times. This is because dependency on a single factor alone leaves us tragically vulnerable. If you think you’re secure using one factor because they’re biometrics, check out the following link https://m.youtube.com/watch?v=ZwCNG9KFdXs
and you’ll appreciate our vulnerable they are – particularly on ANDROID phones.
The big switch in authentication systems away from passwords is a generational opportunity to adopt multi-factor authentication. Here is where Passkeys fall so short because essentially, either you use them to get rid of passwords or you retain your password and all the grief that entails and use Passkeys as a layer on top.
Not good enough!
MIRACL’s mantra remains passwordless multi-factor authentication from any device in one single user step and without any cyber-attack vulnerabilities. This benefits users; better experience and no account takeover. But crucially, it benefits operators even more; reduced support cost, more traffic, better conversion, and no fraud compensation.
Thanks for watching!