Home Technology Proton Adds Passkey Support to Password Manager, Knocks Big Tech

Proton Adds Passkey Support to Password Manager, Knocks Big Tech

by news

Proton, the maker of an email system known for its strong security, has added passkey support for its password manager while knocking “Big Tech” for trapping their users’ passkeys behind “walled gardens.”
“Even though passkeys were developed by the FIDO Alliance and the World Wide Web Consortium to replace passwords and are meant to provide ‘faster, easier, and more secure sign-ins to websites and apps across a user’s devices,’ their rollout hasn’t lived up to these lofty ideals,” Son Nguyen, founder of SimpleLogin and a developer of Proton Pass, wrote in a blog Monday.
“Instead, the first organizations to offer passkeys, Apple and Google, prioritized using the technology to lock people into their walled gardens rather than provide a secure solution to everyone,” he continued. “This closed approach diminishes the value of passkeys for everyone and makes it less likely that they’ll be universally adopted, which is critical if they’re to ever replace passwords.”
Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla., agreed with Nguyen. “The original and current existing FIDO passkey standard and the way the big vendors, such as Microsoft, Google, and Apple implement it, create walled gardens,” he told TechNewsWorld.
“FIDO is aware of this problem and is currently working on an updated version of passkeys that removes this limitation,” he said.
“Proton isn’t the first company to tackle the problem of passkey platform lock,” he added. “For instance, the 1Password password manager allows you to use passkeys across platforms.”
However, the FIDO Alliance disagreed with Proton’s assertions. “Passkeys were never created to be only the domain of Big Tech,” said Executive Director and CEO Andrew Shikiar.
“We’ve always contemplated an open ecosystem around this, which is why you see companies like 1Password, Dashlane, and other credential managers taking part in the FIDO Alliance,” he told TechNewsWorld.
“There’s no vendor lock-in,” he said. “In fact, all these companies are actively working in the FIDO Alliance to look at a new protocol to allow for credential portability. They’re all working on allowing you to migrate passkeys from one cloud to another.”
“Passkeys are designed to be implemented with all types of platforms, apps, and operating systems,” added James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization in San Diego devoted to minimizing risk and mitigating the impact of identity compromise and crime.
“That’s exactly what we are seeing now,” he told TechNewsWorld. “To do otherwise would even further delay the adoption of what is an exponentially more secure process.”
Nguyen maintained that after seeing Big Tech’s rollout of passkeys, several password managers also rushed their release of passkeys, resulting in a clunky user experience.
“Some password managers only support passkeys via their web extension, making it difficult for anyone trying to log in to the same app with a passkey on their mobile phone,” he wrote. “Most password managers that support passkeys only offer them with a paid plan, meaning Google Password Manager and Apple Keychain were the only viable free passkey providers until Proton Pass added them.”
“Big Tech was among the first to begin building solutions for a passwordless world, but a walled-gardens approach limits the adoption potential of passkeys among consumers,” added Anna Pobletts, head of passwordless at 1Password.
“At 1Password,” she told TechNewsWorld, “we’ve taken an interoperable approach so that users can navigate the transition from passwords to passwordless and to ensure they have a choice in how they manage their online identities across platforms and devices — both at work and at home.”
Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago, noted that traditional password-based systems are plagued by inherent vulnerabilities, including susceptibility to brute-force attacks, phishing, and human-factor weaknesses.
“Passwordless authentication methods that leverage biometrics, multi-factor authentication, and advanced technologies offer a robust defense against these threats,” he told TechNewsWorld.
In contrast to passwords, which typically consist of a combination of characters, numbers, and symbols, passkeys rely on the principles of public-key cryptography, he explained. They utilize a pair of cryptographic keys: a private key securely stored on the user’s device and a public key registered with the service provider.
Behind the scenes, passkeys employ a challenge-response mechanism, he continued.
When a user attempts to access their account, the service provider dispatches a challenge to the user’s device. Subsequently, the device signs the challenge with the private key and transmits the signed response back to the server for validation.
Because the private key never leaves the user’s device and isn’t transmitted over the network, passkeys provide a heightened level of security compared to traditional passwords and are phishing-resistant.
“Passkeys are limited to the device on which they are created unless you create and save the passkey in a password manager,” Guccione said. “Storing passkeys in a secure password manager provides access to your passkeys, no matter what device you’re using or where you’re logging in from, allowing you to use them across different browsers and operating systems.”
“Passkeys eliminate some of the most common social engineering attacks, like phishing or credential stuffing, altogether, as they remove the reward that hackers are after — credentials,” added Pobletts.
Guccione noted that the future of passkeys appears promising but cautiously so and marked by gradual advancement. “The robust backing from tech leaders such as Microsoft, Apple, Google, and Amazon is a step in the right direction,” he said. “Standardization endeavors may play a pivotal role in overcoming interoperability challenges and fostering more widespread adoption.”
“Nonetheless,” he added, “it’s vital to acknowledge that passkeys will not supplant passwords in the near future, if ever.”
“Among the billions of websites in existence, only a fraction of a percent currently offer support for passkeys,” he continued. “This extremely limited adoption can be attributed to various factors, including the level of support from underlying platforms, the need for website adjustments, and the requirement for user-initiated configuration.”
To be a true account security solution, passkeys must become universal, Nguyen added.
“Like many online features, passkeys benefit from a network effect,” he wrote. “The more sites and services that use passkeys, the better and easier a solution they are for users (with the added benefit of making everyone’s data more secure). Unfortunately, Big Tech has treated passkeys as an opportunity to advance their commercial interests rather than as a tool to provide universal security.”
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.
Please sign in to post or reply to a comment. New users create a free account.

What are your top priorities for a home robot butler?
– select all that apply –

Loading ... Loading …

Childcare, health monitoring, personal assistance
Entertainment and interactive companionship
Home cleaning and yard maintenance
Meal prep
Security and surveillance
Smart home integration support
Courts, Regulators Pose Threat To Apple Services Revenue in 2024
OpenAI’s Sora, ElevenLabs, and the End of Video Media as We Know It
GTC 2024: The Brilliant Insanity of Nvidia’s CEO and Which AI Vendors Stood Out
Nvidia Raises Ante in AI Chip Game With New Blackwell Architecture
Report Finds White Hats on Offensive Against Black Hat Hackers
The Realities of Switching to a Passwordless Computing Future
AI Will Have a Transformative Impact on Software Development in 2024
How AI Could Have Prevented the Key Bridge Collapse
More Linux Malware Means More Linux Monitoring
Next-Generation Wi-Fi 7 Standard Expected To Be Finalized in Early 2024
Mobile Security Firms Fortify Defenses as App Attacks Accelerate
Qualcomm Chip Closing Performance Gap With Apple M3 in Leaked Benchmarks
SevaCare Blood Pressure Monitor Offers Affordable Home Health Assurance
Majority of Consumers Feel Safe With DIY Home Security: Parks Study
Lunar Lobster Is Dead: How To Upgrade to Ubuntu 23.10 Mantic Minotaur
Paranoia in the Home: 1 in 3 Americans Worried About Their Smart Gadgets Being Hacked
HP Amplify Event’s Second Act Was Worth the Wait
Rob Enderle’s Tech Forecast for 2024
The DOJ’s Flabby Antitrust Lawsuit Against Apple
LinDoz Returns With Advanced AI To Revamp the MakuluLinux Lineup
Are Deepfakes Overblown?
The Orbi RBE973 Wi-Fi Router Really Is That Good
AI-Powered Software Offers Breakthrough for Treating Dyslexia
Affiliate Marketing Contributing to Substandard Search Results: Study
Disorganization, Not Cost, Fuels the IT E-Waste Crisis
Apple, Google Talks Could Bring Gemini AI to iPhone
Tech Coalition Launches Initiative To Crackdown on Nomadic Child Predators
Amazon’s Competitor to Musk’s Starlink Takes Critical Step Toward Deployment
Standout Tech Products of 2023
10 Products From CES 2024 That Set the Innovation Bar
Might Nvidia Be the First Company With an AI CEO?
Electronic Frontier Foundation Calls for FTC Action on Poisoned Set-Top Boxes
Honda Introduces First Hydrogen-Powered Consumer Vehicle in America
Vision Pro Revives One-and-Done App Purchases
Apple Vision Pro Impressions: One Week Later
‘Women Don’t Play’ Confronts Gender Disparity in the Tech Industry
Copyright 1998-2024 ECT News Network, Inc. All Rights Reserved.
Enter your Username and Password to sign in.


Related Posts